CVE-2025-8699 - KioSoft Stored Value Unattended Payment Solution NFC Card Cash Value Manipulation Vulnerability
CVE ID : CVE-2025-8699
Published : Sept. 12, 2025, 11:19 a.m. | 44 minutes ago
Description : Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Sept. 12, 2025, 11:19 a.m. | 44 minutes ago
Description : Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...