CVE-2025-8699_CVE-2025-8699

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.

Basic Information

ID CVE-2025-8699

Source SEC-VLab

Published Sep 12, 2025 at 11:19

Modified Sep 16, 2025 at 20:08

Affected Product

Vendor KioSoft

Product Stored Value Unattended Payment Solution

Version Current firmware/hardware as of Q2/2025

Affected Versions KioSoft Stored Value Unattended Payment Solution Current firmware/hardware as of Q2/2025

CWE Classification

CWE-922

References

r.sec-consult.com /kiosoft

{
    "lastseen": "",
    "description": "Some \"Stored Value\" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back.\u00a0By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.",
    "published": "2025-09-12T11:19:44.345Z",
    "modified": "2025-09-16T20:08:19.699Z",
    "type": "cve",
    "title": "CVE-2025-8699",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/kiosoft",
    "id": "CVE-2025-8699",
    "bulletinFamily": "",
    "cwe": [
        "CWE-922"
    ],
    "cvelist": null,
    "sourceData": "KioSoft Stored Value Unattended Payment Solution Current firmware/hardware as of Q2/2025",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Stored Value Unattended Payment Solution",
    "version": "Current firmware/hardware as of Q2/2025",
    "vendor": "KioSoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}