CVE-2025-46412: Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel
9.8
CVSS
Description
Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.
Classification
CVE ID: CVE-2025-46412
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
Vendor: Vertiv
Product: Liebert RDU101, Liebert IS-UNITY
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 23.54% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46412https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10
https://www.vertiv.com/en-us/support/security-support-center/