CVE-2025-25736 — MEDIUM (6.8)

Vulnerability Description

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default 'kapsch' user.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kapsch	Ris-9160 Firmware	3.2.0.829.23
Kapsch	Ris-9160	-
Kapsch	Ris-9260 Firmware	3.2.0.829.23
Kapsch	Ris-9260	-

Related Weaknesses (CWE)

CWE-306

References

https://cwe.mitre.org/data/definitions/306.htmlTechnical Description
https://phrack.org/issues/72/16_mdExploitThird Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dBroken Link
https://www.kapsch.net/enProduct
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-enProduct

FAQ

What is CVE-2025-25736?

CVE-2025-25736 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) ...

How severe is CVE-2025-25736?

CVE-2025-25736 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-25736?

Check the references section above for vendor advisories and patch information. Affected products include: Kapsch Ris-9160 Firmware, Kapsch Ris-9160, Kapsch Ris-9260 Firmware, Kapsch Ris-9260.