Overview
The CVE-2025-25735 vulnerability affects the Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs). This vulnerability allows attackers to modify SPI flash in real-time and potentially compromise the system or leak data. It’s a significant security concern for organizations using these RSUs and requires immediate attention.
Vulnerability Summary
CVE ID: CVE-2025-25735
Severity: High (7.5 CVSS Score)
Attack Vector: Local Access
Privileges Required: Low level
User Interaction: None
Impact: Potential system compromise or data leakage
Affected Products
Product | Affected Versions
Kapsch TrafficCom RIS-9160 | v3.2.0.829.23, v3.8.0.1119.42, v4.6.0.1211.28
Kapsch TrafficCom RIS-9260 | v3.2.0.829.23, v3.8.0.1119.42, v4.6.0.1211.28
How the Exploit Works
The vulnerability stems from the lack of SPI Protected Range Registers (PRRs) in the mentioned versions of the RSUs. This omission allows attackers with low-level privileges and local access to manipulate the SPI flash memory in real-time. This could lead to unauthorized changes in system behavior or data leaks.
Conceptual Example Code
Here is a conceptual pseudo-code example illustrating how an attacker might exploit this vulnerability:
def exploit(target_system):
# Obtain low-level privileges on the target system
low_privileges = obtain_low_privileges(target_system)
if low_privileges:
# Access the SPI flash memory
spi_flash = access_spi_flash(target_system)
# Modify the SPI flash memory in real-time
spi_flash.modify("malicious_changes")
else:
print("Failed to obtain necessary privileges.")
This pseudo-code is for illustrative purposes only. In real-world scenarios, detailed knowledge of the system and the exploit would be necessary.
