{"uuid": "be009ea5-80c6-4218-acc9-9d35cd93ad53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-41646", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2039", "content": "\ud83d\udea8 CVE-2025-41646 -\nCritical Auth Bypass in RevPi Webstatus (\u2264 v2.4.5) \ud83d\udea8\n\u26a0\ufe0f Impacts ICS/OT environments \u2013 high risk!\n\n\ud83d\udee0\ufe0f Root Cause:\nBackend uses weak equality comparison, accepting a JSON boolean true instead of a password hash.\n\n\ud83e\uddea PoC:\nSend this in a login request:\n\n{ \"hashcode\": true }\n\n\u2705 Result: You get full access without valid credentials!\n\n\ud83d\udd12 Fix: Upgrade to v2.4.6 \u2013 patch removes weak comparison logic.\n\n\ud83c\udfaf Bug bounty takeaway:\nAlways test for type juggling and loose equality bugs in login flows, especially in OT/ICS systems where patch cycles are slower.", "creation_timestamp": "2026-07-11T12:00:03.527992Z"}