Remote Linking Vulnerability in End-of-Train and Head-of-Train Systems by CISA
CVE-2025-1727

7.2 HIGH


What is CVE-2025-1727?

CVE-2025-1727 is a remote linking vulnerability affecting End-of-Train (EoT) and Head-of-Train (HoT) systems, which use a remote linking protocol designed for efficient communication over radio frequencies. This protocol, essential for managing and monitoring train operations, relies on a BCH checksum for packet creation. A checksum detects transmission errors but does not authenticate the sender, so a malicious actor with a software-defined radio can create unauthorized EoT and HoT packets. With such packets, an attacker can issue brake control commands to the EoT device, which may disrupt operations or overwhelm the brake systems. Such a compromise could endanger the safety and functionality of railway operations, posing significant risks to both assets and personnel.

Potential Impact of CVE-2025-1727

  1. Operational Disruption: The ability to manipulate brake control commands can result in severe operational disturbances, potentially halting train services and affecting schedules. This disruption can lead to significant economic losses and operational inefficiencies.

  2. Safety Risks: Unauthorized control over braking systems directly endangers the safety of rail transport. The potential for abrupt stops or failure to respond to braking commands could cause accidents, posing serious risks to passengers and railway personnel.

  3. System Overload: Attackers could leverage this vulnerability to overwhelm the brake systems, leading to equipment failures or malfunctions. Such overload scenarios could necessitate extensive repairs or replacements, thereby increasing operational costs and affecting service reliability.

Affected Version(s)

End-of-Train and Head-of-Train remote linking protocol: All versions

News Articles

CVE-2025-1727 : The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation.

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • First article discovered by CVE Details

  • Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Credit

Neil Smith and Eric Reuter reported this vulnerability to CISA.