CVE-2025-25734: n/a
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
AI Analysis
Technical Summary
CVE-2025-25734 is a security vulnerability identified in Kapsch TrafficCom's RIS-9160 and RIS-9260 Roadside Units (RSUs), specifically in firmware versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. The vulnerability arises from the presence of an unauthenticated EFI (Extensible Firmware Interface) shell accessible during the device boot process. EFI shells provide a command-line environment that allows execution of low-level commands and scripts before the operating system loads. In this case, the unauthenticated EFI shell can be accessed by an attacker without any credentials, enabling arbitrary code execution or privilege escalation at the firmware level. This means an attacker with physical or network access to the RSU could potentially manipulate the device's boot process to run malicious code, alter firmware, or gain persistent control over the device. Since RSUs are critical infrastructure components used in intelligent transportation systems for traffic management, toll collection, and vehicle-to-infrastructure communication, compromising these devices could have serious operational and safety implications. The vulnerability does not currently have a CVSS score, and no known exploits have been reported in the wild as of the publication date. However, the nature of the vulnerability—unauthenticated code execution at boot—makes it a significant security risk that could be exploited by attackers with access to the device, potentially leading to full system compromise or disruption of traffic control functions.
Potential Impact
For European organizations, especially those involved in transportation infrastructure, smart city deployments, and traffic management, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized control over RSUs, resulting in manipulation or disruption of traffic signals, toll systems, or vehicle communication protocols. This could cause traffic congestion, accidents, or denial of service in critical transportation networks. Additionally, compromised RSUs could serve as entry points for lateral movement into broader network environments, threatening the integrity and availability of other connected systems. Given the strategic importance of transportation infrastructure in Europe and the increasing reliance on connected RSUs for traffic safety and efficiency, the impact could extend beyond operational disruption to public safety concerns and economic losses. Furthermore, regulatory compliance requirements such as the NIS Directive and GDPR may impose additional legal and financial consequences if such vulnerabilities lead to data breaches or service outages.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize the following actions:
1) Engage with Kapsch TrafficCom to obtain firmware updates or patches that remove or secure the unauthenticated EFI shell access. If no patches are currently available, request a timeline and interim mitigation guidance.
2) Implement strict physical security controls to restrict unauthorized access to RSUs, as exploitation likely requires physical or network proximity.
3) Network segmentation should be enforced to isolate RSUs from broader enterprise or public networks, limiting the attack surface and preventing unauthorized access to the devices.
4) Monitor RSU network traffic and device logs for unusual activity indicative of exploitation attempts, such as unexpected boot sequences or command executions.
5) Employ secure boot mechanisms and firmware integrity verification where possible to detect and prevent unauthorized firmware modifications.
6) Develop incident response plans specific to RSU compromise scenarios, including procedures for rapid isolation and recovery.
7) Conduct regular security assessments and penetration testing focused on RSU devices and their firmware to proactively identify and remediate vulnerabilities.
Affected Countries
Germany, France, Italy, Spain, Netherlands, Belgium, Austria, Sweden, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-02-07T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68adcca5ad5a09ad005926a0
Added to database: 8/26/2025, 3:03:01 PM
Last enriched: 8/26/2025, 3:18:21 PM
Last updated: 8/26/2025, 3:18:21 PM