AI description
CVE-2025-41646 is an authentication bypass in the RevPi Webstatus application from Kunbus. It stems from an incorrect type conversion (CWE-704) that an unauthorized remote attacker can misuse to bypass authentication, leading to complete compromise of the affected device: full control, including access to, modification or deletion of sensitive information and disruption of device operations. A patch is available from Kunbus, released on June 10, 2025.
- Description
- An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
- Source
- info@cert.vde.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Source
- info@cert.vde.com
- Weakness
- CWE-704
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 23
CVE-2025-41646 Critical auth bypass in RevPi Webstatus (<= v2.4.5) ⚠️ Affects ICS/OT Root Cause: Backend accepts JSON boolean true in place of the expected password hash - weak equality comparison PoC: Pass { "hashcode": true } to login --> full access! Patch: Update
@win3zz
2 Jul 2025
9536 Impressions
40 Retweets
157 Likes
68 Bookmarks
1 Reply
0 Quotes
Critical: CVE-2025-41646 lets remote attackers bypass auth & take over Kunbus RevPi via type conversion flaw. Patch now! Details: https://t.co/g4y2xYip0C #OffSeq #CVE202541646 #CyberSecurity #ICS #IoT https://t.co/gzVDg14wRf
@offseq
7 Jun 2025
53 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41646 An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise… https://t.co/ZcDGfpV7Vq
@CVEnew
6 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-41646: CRITICAL] An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device #cve, CVE-2025-41646, #cybersecurity https://t.co/Bp6ffwl1Rj https://t.co/y
@CveFindCom
6 Jun 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kunbus:revpi_status:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5AB814D-A49E-4331-93F1-112580C10B44",
            "versionEndExcluding": "2.4.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]