CVE-2025-41646: RevPi Webstatus application is vulnerable to an authentication bypass

9.8 CVSS

Description

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.

Classification

CVE ID: CVE-2025-41646

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-704 Incorrect Type Conversion or Cast

Affected Products

Vendor: Kunbus

Product: Revolution Pi webstatus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.35% (probability of being exploited)

EPSS Percentile: 56.82% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-11 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-41646
https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003
https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json

Timeline