Having fun while learning about and pivoting into the world of DFIR.
by ogmini
CVE-2025-1727 was a fun one to learn about while on vacation. At least I didn’t take Amtrak to my destination. Neil Smith initially reported this back in 2012! He recently posted about this on July 11th, 2025 - https://xcancel.com/midwestneil/status/1943708133421101446.
Pretty classic case of the vendor/industry ignoring the report or requiring more evidence. They even went so far as to prevent security testing that could provide the evidence.
Neil tried again in 2024 which only resulted in AAR ignoring CISA. They finally published just to get a response. I would highly suggest reading Neil’s posts.
Wild stuff… Trains are pretty dang vulnerable.
tags: #Musings