Vulnerabilities related to Kunbus - Revolution Pi webstatus
CVE-2025-41646 (GCVE-0-2025-41646)
Vulnerability from cvelistv5
Published
2025-06-06 14:42
Modified
2025-06-06 15:06
Severity: 9.8 CRITICAL (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Summary
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
References
| URL | Tags |
|---|---|
| https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003 | vendor-advisory |
| https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json | vendor-advisory, x_csaf |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Kunbus | Revolution Pi webstatus | 0.0.0 ≤ version ≤ 2.4.5 (affected) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41646", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-06T15:05:56.484231Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-06T15:06:11.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Revolution Pi webstatus", "vendor": "Kunbus", "versions": [ { "lessThanOrEqual": "2.4.5", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Ajay Anto" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device" } ], "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. \nThis leads to full compromise of the device" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-704", "description": "CWE-704 Incorrect Type Conversion or Cast", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-06T14:42:31.249Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003" }, { "tags": [ "vendor-advisory", "x_csaf" ], "url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json" } ], "source": { "defect": [ "CERT@VDE#641782" ], "discovery": "EXTERNAL" }, "title": "RevPi Webstatus application is vulnerable to an authentication bypass", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-41646", "datePublished": "2025-06-06T14:42:31.249Z", "dateReserved": "2025-04-16T11:17:48.305Z", "dateUpdated": "2025-06-06T15:06:11.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }