CVE-2025-25734

Опубликовано: 26 авг. 2025

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

Ссылки

https://cwe.mitre.org/data/definitions/1233.html
Technical Description
https://phrack.org/issues/72/16_md
Exploit
Third Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf
Broken Link
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf
Product
https://www.kapsch.net/en
Product
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*

cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*

cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-6vxr-fv5p-2phr

CVSS3: 9.8

github

6 месяцев назад

BDU:2025-14396