EUVD-2025-25797

Malicious code in bioql PyPI...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

CVE-2025-25737

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge ADB pre-installed /mnt/c3platpersistent/opt/platform-tools/adb and enabled by default, allowing unauthenticated root shell access to the cellular modem via the...

CVE-2025-25732

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to roo...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge ADB pre-installed /mnt/c3platpersistent/opt/platform-tools/adb and enabled by default, allowing unauthenticated root shell access to the cellular modem via the...

CVE-2025-25732

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to roo...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

PT-2025-34783 · Kapsch Trafficcom · Ris-9160 +1

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units RSUs lack SPI Protected Range Registers PRRs. This allows...

PT-2025-34784 · Google +1 · Android Debug Bridge +1

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9260 RSU LEO versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9260 RSU LEO software has the Android Debug Bridge ADB pre-installed and enabled by default. This allows...

Kapsch TrafficCom RIS-9260 RSU LEO 安全漏洞

The Kapsch TrafficCom RIS-9260 RSU LEO is a road measurement unit from Kapsch TrafficCom, Austria, with functions for communication and co-management of the vehicle network in intelligent transportation. A security vulnerability exists in the Kapsch TrafficCom RIS-9260 RSU LEO versions...

Kapsch TrafficCom RIS-9160和Kapsch TrafficCom RIS-9260 RSU LEO 安全漏洞

The Kapsch TrafficCom RIS-9260 RSU LEO and the Kapsch TrafficCom RIS-9160 are both a road measurement unit from Kapsch TrafficCom, Austria, with functions of communication and co-management of connected vehicles in intelligent transportation. A security vulnerability exists in the Kapsch TrafficC...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 contain an unauthenticated EFI shell that can be leveraged to execute arbitrary code or escalate privileges during boot. Root cause is an EFI shell exposure in the RSU firmware; aff...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

PT-2025-34785 · Kapsch Trafficcom · Ris-9160 +1

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units RSUs lack secure password requirements for the BIOS...

PT-2025-34782 · Kapsch Trafficcom · Ris-9160 +1

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs contain an unauthenticated EFI shell. This allows...