CVE-2025-41646 PUBLISHED

RevPi Webstatus application is vulnerable to an authentication bypass

Assigner: CERTVDE
Reserved: 16.04.2025 Published: 06.06.2025 Updated: 06.06.2025

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Kunbus
Product	Revolution Pi webstatus
Versions	Default: unaffected affected from 0.0.0 to 2.4.5 (incl.)

Credits

Ajay Anto reporter

References

https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003
https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json

Problem Types

CWE-704 Incorrect Type Conversion or Cast CWE