CVE-2025-25735: n/a
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.
AI Analysis
Technical Summary
CVE-2025-25735 is a high-severity vulnerability affecting Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) in versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. These RSUs lack SPI Protected Range Registers (PRRs), a hardware security feature designed to prevent unauthorized modification of SPI flash memory. The absence of PRRs allows an attacker who already has software-level access on the device to modify the SPI flash memory in real-time. This vulnerability is classified under CWE-1233, which relates to improper protection of hardware resources. The CVSS v3.1 base score is 7.5, indicating a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. Since the attacker must have software running on the device, this implies some level of prior compromise or insider threat. The SPI flash memory typically contains firmware or critical configuration data, so unauthorized modification could lead to persistent malware installation, firmware tampering, or extraction of sensitive information. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects critical infrastructure components used in intelligent transportation systems, which are increasingly deployed across Europe for traffic management and road safety.
Potential Impact
For European organizations, especially those involved in transportation infrastructure and smart city deployments, this vulnerability poses a significant risk. RSUs are integral to vehicle-to-infrastructure communication, traffic monitoring, and enforcement systems. Exploitation could lead to unauthorized firmware modifications, enabling attackers to implant persistent malware, disrupt traffic data integrity, or exfiltrate sensitive operational data. Although the vulnerability does not directly impact availability or integrity per the CVSS vector, the ability to modify firmware covertly can lead to long-term compromise and potential sabotage. Given the strategic importance of transportation infrastructure in Europe, successful exploitation could undermine public safety, cause traffic disruptions, and erode trust in smart infrastructure. Additionally, attackers could leverage this vulnerability as a foothold for lateral movement within critical infrastructure networks. The lack of required privileges or user interaction for exploitation increases the risk, especially if attackers can deploy malicious software through other means such as supply chain attacks or insider threats.
Mitigation Recommendations
1. Immediate network segmentation and strict access controls should be implemented to limit software-level access to RSUs, reducing the risk of attackers running unauthorized code on these devices.
2. Deploy runtime integrity monitoring on RSUs to detect unauthorized modifications to firmware or flash memory.
3. Implement strict supply chain security and device hardening practices to prevent initial compromise of RSUs.
4. Engage with Kapsch TrafficCom for timely firmware updates or patches addressing the lack of SPI PRRs; if unavailable, consider hardware replacement or additional hardware-based protections.
5. Conduct regular security audits and penetration testing focused on RSU environments to identify potential compromise vectors.
6. Employ anomaly detection systems on traffic management networks to identify unusual RSU behavior indicative of firmware tampering.
7. Develop incident response plans specifically for transportation infrastructure components to quickly isolate and remediate compromised RSUs.
8. Where possible, utilize hardware security modules or trusted platform modules to enhance device firmware protection.
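Recommendation 2 can be approached as a sector-by-sector comparison of an SPI flash dump against a known-good baseline, covering the whole chip because no range is hardware-protected. This is an added example, not code from Kapsch or from this advisory; the 4 KiB sector size, the function names and the sample image are assumptions constructed for illustration, and how the dump is read from the device is out of scope.

```python
import hashlib

SECTOR = 4096  # assumed erase-sector size; adjust to the flash part in use


def build_manifest(image, sector=SECTOR):
    """Hash a known-good flash image sector by sector.

    Store the result off the device: software running on the RSU could
    otherwise rewrite the baseline together with the flash.
    """
    digests = [hashlib.sha256(image[off:off + sector]).hexdigest()
               for off in range(0, len(image), sector)]
    return {"size": len(image), "sector": sector, "digests": digests}


def changed_ranges(manifest, dump):
    """Return [(start, end_exclusive), ...] byte ranges that differ from baseline.

    Adjacent modified sectors are merged so one rewritten region shows up as
    one range. A dump of the wrong size is rejected rather than compared.
    """
    if len(dump) != manifest["size"]:
        raise ValueError("dump size %d != baseline size %d"
                         % (len(dump), manifest["size"]))
    sector = manifest["sector"]
    current = build_manifest(dump, sector)["digests"]
    ranges = []
    for idx, (want, got) in enumerate(zip(manifest["digests"], current)):
        if want == got:
            continue
        start = idx * sector
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], start + sector)  # extend previous range
        else:
            ranges.append((start, start + sector))
    return ranges


def constructed_demo():
    """Constructed 16 KiB image (4 sectors) with two bytes altered."""
    golden = bytes(range(256)) * 64
    tampered = bytearray(golden)
    tampered[0x1010] ^= 0xFF  # inside sector 1
    tampered[0x2FFF] ^= 0x01  # last byte of sector 2
    return build_manifest(golden), golden, bytes(tampered)


if __name__ == "__main__":
    manifest, golden, tampered = constructed_demo()
    for start, end in changed_ranges(manifest, tampered):
        print("modified: 0x%06x-0x%06x" % (start, end - 1))
```

Regions that legitimately change at runtime (for example a configuration or log area, if the device keeps one in flash) would need to be excluded or tracked separately to avoid false alarms.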
Affected Countries
Germany, France, Italy, Spain, Netherlands, Belgium, Austria, Sweden, Norway, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-02-07T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68adcca5ad5a09ad005926a8
Added to database: 8/26/2025, 3:03:01 PM
Last enriched: 9/3/2025, 1:11:32 AM
Last updated: 10/10/2025, 11:37:09 PM