CVE-2025-25735

Опубликовано: 26 авг. 2025

Источник: nvd

CVSS3: 4.6

EPSS Низкий

Описание

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.

Ссылки

https://cwe.mitre.org/data/definitions/1233.html
Technical Description
https://phrack.org/issues/72/16_md
Exploit
Third Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf
Broken Link
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf
Product
https://www.kapsch.net/en
Product
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*

cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*

cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*

cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-1233

Связанные уязвимости

GHSA-g8xm-9pfm-3736

CVSS3: 7.5

github

6 месяцев назад

BDU:2026-00039