CVE-2025-25732: n/a
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
AI Analysis
Technical Summary
CVE-2025-25732 is a critical vulnerability identified in the EEPROM component of Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs), specifically affecting firmware versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. The vulnerability arises from incorrect access control mechanisms within the EEPROM storage, which is responsible for holding sensitive data such as password hashes. An attacker exploiting this flaw can replace legitimate password hashes stored in the EEPROM with their own crafted hashes. This manipulation effectively allows the attacker to escalate privileges to root level on the affected RSU devices. Given that RSUs are critical infrastructure components used in intelligent transportation systems for traffic monitoring, toll collection, and traffic management, unauthorized root access could lead to severe operational disruptions. The vulnerability does not require user interaction but likely requires network access to the RSU, which may be exposed depending on deployment configurations. No public exploits have been reported yet, and no CVSS score has been assigned. However, the ability to gain root privileges by tampering with stored password hashes indicates a severe security weakness that could be leveraged for persistent unauthorized control, data manipulation, or denial of service within traffic management systems.
Potential Impact
For European organizations, particularly those involved in transportation infrastructure and smart city initiatives, this vulnerability poses a significant risk. RSUs are widely deployed across Europe for traffic monitoring, congestion management, and tolling systems. Exploitation could allow attackers to disrupt traffic flow, manipulate toll data, or disable critical roadside communications, potentially causing traffic chaos and economic losses. Moreover, unauthorized root access could facilitate lateral movement into broader transportation networks or connected systems, amplifying the impact. Given the strategic importance of transportation infrastructure in Europe, such disruptions could also have national security implications. The risk is heightened in countries with extensive deployments of Kapsch TrafficCom RSUs or similar systems integrated into national traffic management frameworks.
Mitigation Recommendations
1. Immediate firmware updates: Organizations should prioritize obtaining and applying patches or updated firmware from Kapsch TrafficCom as soon as they become available.
2. Network segmentation: Isolate RSUs from general enterprise networks and restrict access to management interfaces to trusted administrative networks only.
3. Access control hardening: Implement strict network access controls, including firewall rules and VPN requirements, to limit exposure of RSUs to untrusted networks.
4. Monitoring and logging: Deploy continuous monitoring solutions to detect anomalous activities such as unauthorized attempts to access or modify EEPROM data.
5. Physical security: Ensure physical protection of RSUs to prevent direct hardware tampering.
6. Incident response planning: Prepare response procedures specifically for RSU compromise scenarios, including rapid isolation and recovery steps.
7. Vendor engagement: Maintain close communication with Kapsch TrafficCom for advisories, patches, and support related to this vulnerability.

These measures go beyond generic advice by focusing on the unique operational context of RSUs and their critical role in transportation infrastructure.
Affected Countries
Germany, France, Italy, Spain, Netherlands, Austria, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-02-07T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68adcca5ad5a09ad00592690
Added to database: 8/26/2025, 3:03:01 PM
Last enriched: 8/26/2025, 3:18:45 PM
Last updated: 8/29/2025, 8:01:10 PM