{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T13:24:02.644","vulnerabilities":[{"cve":{"id":"CVE-2025-25736","sourceIdentifier":"cve@mitre.org","published":"2025-08-26T15:15:42.793","lastModified":"2025-10-22T15:15:32.663","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default 'kapsch' user."},{"lang":"es","value":"Se descubrió que Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42 y v4.6.0.1211.28 contienen Android Debug Bridge (ADB) preinstalado (/mnt/c3platpersistent/opt/platform-tools/adb) y habilitado de manera predeterminada, lo que permite el acceso de shell root no autenticado al módem celular a través del usuario \"kapsch\" predeterminado."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*","matchCriteriaId":"1385F53F-B8B3-460B-AF40-3E6C0373E56F"},{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*","matchCriteriaId":"89FBCE38-F618-4885-9A19-4387C26B0648"},{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*","matchCriteriaId":"C5A25078-2E54-4458-B2A1-12B22BFE5BC9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*","matchCriteriaId":"03950C43-60AC-46A7-8C69-BFFC24297EA9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*","matchCriteriaId":"A962F165-2FB7-4CD7-A316-0696668B8CC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*","matchCriteriaId":"98025B93-400E-435F-B1C1-EBFA2777E013"},{"vulnerable":true,"criteria":"cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*","matchCriteriaId":"221A418C-D55A-4A63-9711-CA8025C4C709"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*","matchCriteriaId":"6AB37525-44FC-456A-ACE1-0661BC9D0CFD"}]}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/306.html","source":"cve@mitre.org","tags":["Technical Description"]},{"url":"https://phrack.org/issues/72/16_md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://www.kapsch.net/en","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en","source":"cve@mitre.org","tags":["Product"]}]}}]}