Unsecured End-of-Train radio protocol enables remote brake manipulation.

CISA disclosed that CVE-2025-1727 affects the radio link between End-of-Train and Head-of-Train devices, which lacks authentication and encryption and can be spoofed with inexpensive software-defined radios to inject unauthorized brake commands. Researchers first reported the flaw over a decade ago, but the rail industry only agreed in 2025 to replace roughly 25,000 locomotive units and 45,000 rear-end devices beginning in 2026. This vulnerability leaves both freight and passenger trains open to sudden stoppages or brake failures, underscoring the urgent need for authenticated, encrypted communications in rail control systems.

Read more:

https://www.securityweek.com/train-hack-gets-proper-attention-after-20-years-researcher/