AI description
CVE-2025-1727 is a remote linking vulnerability affecting End-of-Train (EoT) and Head-of-Train (HoT) systems. The vulnerability lies in the protocol used for remote linking over radio frequencies, which relies on a BCH checksum for packet creation. It is possible to create unauthorized EoT and HoT packets with a software-defined radio and then issue brake control commands to the EoT device. This could disrupt train operations or potentially overwhelm the brake systems.
- Description: The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.
- Source: ics-cert@hq.dhs.gov
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 7.2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Secondary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: HIGH
- ics-cert@hq.dhs.gov
- CWE-1390
- Hype score
- Not currently trending
Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years CISA has disclosed CVE-2025-1727, a critical vulnerability in the unencrypted radio protocol linking End-of-Train (EoT) and Head-of-Train (HoT) devices, which could let attackers remotely trigger train ht
@dCypherIO
16 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
$ONDS TSA’s $2.1B rail cybersecurity regulation is due any day now (60 days almost up) CISA rail vulnerability (CVE-2025-1727) Seems we can expect a deal very soon. Please correct me if I’m wrong.
@pdejj17567985
16 Jul 2025
182 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ 20-Year-Old Vulnerability Allows Hackers to Control Train Brakes Read more: https://t.co/Ey9hpM3PUN 1. CVE-2025-1727 affecting all End-of-Train/Head-of-Train protocols with CVSS v4 score of 7.2. 2. Weak BCH checksum authentication allows attackers to use software-define
@The_Cyber_News
15 Jul 2025
904 Impressions
3 Retweets
15 Likes
2 Bookmarks
0 Replies
1 Quote
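🚃 Vulnerability that makes train hacking possible draws attention after 20 years (CVE-2025-1727) 🇬🇧 UK launches new vulnerability research program, strengthening ties with external experts ~Cyber Alert, July 15~ https://t.co/hDSRRs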
@MachinaRecord
15 Jul 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 20-year vulnerability in train systems could allow hackers to trigger emergency braking. CISA alerts critical flaw CVE-2025-1727. #CyberSecurity #TrainSafety https://t.co/GOYCgsArUm https://t.co/nNX7bZFytv
@CyberHub_blog
15 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
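A serious vulnerability (CVE-2025-1727) has been revealed in U.S. railroad brake systems. Because authentication of the radio communication is weak, this vulnerability could allow a train to be brought to a sudden stop remotely with inexpensive equipment, causing derailments and logistics disruption.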
@yousukezan
14 Jul 2025
2218 Impressions
8 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
A major vulnerability in the End-of-Train (EoT) protocol, identified as CVE-2025-1727, allows attackers to send commands that can abruptly engage train brakes across North America. https://t.co/Jv8UICTtEX
@securityRSS
14 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-1727) found in train brake control systems exposes them to remote exploitation, risking sudden stops or derailments. The flaw impacts communication protocols used by End-of-Train and Head-of-Train devices. #RailSecurity… https://t.co/mLstSsIb3
@TweetThreatNews
14 Jul 2025
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
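https://t.co/DnuGdh3NAW 1. On July 10, CISA, under the U.S. Department of Homeland Security: “Because of a weak authentication flaw (CVE-2025-1727, CVSS 7.2) in the radio protocol of the end-of-train (EoT) and head-of-train (HoT) brake communication devices, anyone can use a low-cost software-defined radio (SDR) to fake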
@Infinity0Equity
13 Jul 2025
1860 Impressions
3 Retweets
17 Likes
3 Bookmarks
1 Reply
1 Quote
🚨 America has a major problem. Our rail systems can be hacked. Our airspace is vulnerable. One company is solving both. $ONDS Here’s what just dropped — and why no one’s talking about it ⸻ 🔐 CVE-2025-1727 just got published. U.S. trains can be hacked remotely u
@TylerFumero
13 Jul 2025
21 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2022-38392 2 - CVE-2025-1727 3 - CVE-2023-52927 4 - CVE-2025-25257 5 - CVE-2025-5959 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
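Warning about an authentication vulnerability (CVE-2025-1727) in the End-of-Train/Head-of-Train radio link protocol for railways. An attacker could use a software-defined radio to send forged control signals and interfere with train brake operation without authorization.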
@yousukezan
12 Jul 2025
718 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1727 The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to… https://t.co/TgRI1SYAcg
@CVEnew
11 Jul 2025
168 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes