CVE-2025-41646

RevPi Webstatus application is vulnerable to an authentication bypass

CVSS 9.8 CRITICALEPSS 40.7%CWE-704

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Kunbus · Revolution Pi webstatus

public PoCs found — 2

githubgithub.com/GreenForceNetworks/CVE-2025-41646---Critical-Authentication-Bypass-★ 1 githubgithub.com/r0otk3r/CVE-2025-41646★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003