CVE-2025-25737 — MEDIUM (6.8)

Vulnerability Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kapsch	Ris-9160 Firmware	3.2.0.829.23
Kapsch	Ris-9160	-
Kapsch	Ris-9260 Firmware	3.2.0.829.23
Kapsch	Ris-9260	-

Related Weaknesses (CWE)

CWE-521

References

https://cwe.mitre.org/data/definitions/521.htmlTechnical Description
https://phrack.org/issues/72/16_mdExploitThird Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dBroken Link
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3Product
https://www.kapsch.net/enProduct
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-enProduct

FAQ

What is CVE-2025-25737?

CVE-2025-25737 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User acco...

How severe is CVE-2025-25737?

CVE-2025-25737 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-25737?

Check the references section above for vendor advisories and patch information. Affected products include: Kapsch Ris-9160 Firmware, Kapsch Ris-9160, Kapsch Ris-9260 Firmware, Kapsch Ris-9260.