A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake.
July 14, 2025 By Eduard Kovacs
The US cybersecurity agency CISA has disclosed a vulnerability that can be exploited to manipulate or tamper with a train’s brakes.
CISA last week published an advisory describing CVE-2025-1727, an issue affecting the remote linking protocol used by systems known as End-of-Train and Head-of-Train.
An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is placed at the end of a train, being designed to transmit data to a device in the locomotive named the Head-of-Train (HoT). The system, introduced to replace the caboose, is used to obtain status data from the end of the train (particularly useful for long freight trains), but it can also receive commands to apply the brakes at the rear of the train.
