CVE-2025-25736

🗓️ 26 Aug 2025 15:15:42Reported by [email protected]Type

CVE-2025-25736 RIS-9260 RSU LEO versions 3.2.0.829.23, 3.8.0.1119.42, 4.6.0.1211.28 have ADB at /mnt/c3platpersistent/opt/platform-tools/adb enabled by default, allowing unauthenticated root on the cellular modem via default kapsch user.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-25736	26 Aug 202515:15	–	circl
CNNVD	Kapsch TrafficCom RIS-9260 RSU LEO 安全漏洞	26 Aug 202500:00	–	cnnvd
CVE	CVE-2025-25736	26 Aug 202500:00	–	cve
Cvelist	CVE-2025-25736	26 Aug 202500:00	–	cvelist
EUVD	EUVD-2025-25796	3 Oct 202520:07	–	euvd
OSV	CVE-2025-25736	26 Aug 202515:15	–	osv
Positive Technologies	PT-2025-34784 · Google +1 · Android Debug Bridge +1	26 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-25736	30 Aug 202518:21	–	redhatcve
Vulnrichment	CVE-2025-25736	26 Aug 202500:00	–	vulnrichment

NVD

Node

kapsch ris-9160_firmwareMatch3.2.0.829.23

kapsch ris-9160_firmwareMatch3.8.0.1119.42

kapsch ris-9160_firmwareMatch4.6.0.1211.28

AND

kapsch ris-9160Match-

Node

kapsch ris-9260_firmwareMatch3.2.0.829.23

kapsch ris-9260_firmwareMatch3.8.0.1119.42

kapsch ris-9260_firmwareMatch4.6.0.1211.28

AND

kapsch ris-9260Match-

Source	Link
phrack	www.phrack.org/issues/72/16_md
cwe	www.cwe.mitre.org/data/definitions/306.html
kapsch	www.kapsch.net/en/press/releases/ktc-20200813-pr-en
kapsch	www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf
kapsch	www.kapsch.net/en

17 Jun 2026 09:01Current

CVSS 3.16.8

EPSS0.00305

CWE-306