Kunbus-2025-0000003: Authentication Bypass in RevPi Webstatus
TLP: WHITE
| Publisher: KUNBUS PSIRT | Document category: csaf_security_advisory |
| Initial release date: 2025-05-09T15:08:40.440451729Z | Engine: csaf-cms-backend 1.0.0 |
| Current release date: 2025-06-05T13:28:36.991290328Z | Build Date: 2025-05-28T08:01:04.745Z |
| Current version: 1.1.0 | Status: interim |
| CVSSv3.1 Base Score: 9.8 | Severity: Critical |
| Original language: | Language: en-US |
| Also referred to: | |
Vulnerabilities
Authentication bypass in RevPi Webstatus (CVE-2025-41646)
Details
The RevPi Webstatus application is vulnerable to an authentication bypass. The password check is vulnerable to a implicit type conversion. That results in a wrong authentication if the JSON value TRUE is provided in the password parameter hashcode.
| CWE: | CWE-303:Incorrect Implementation of Authentication Algorithm |
|---|
Product status
Known affected
| Product | CVSS-Vector | CVSS Base Score |
|---|---|---|
| Revolution Pi webstatus <= 2.4.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
| Revolution Pi Revolution Pi OS Bullseye 04/2024 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
| Revolution Pi Revolution Pi OS Bullseye 09/2023 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
| Revolution Pi Revolution Pi OS Bullseye 07/2023 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
| Revolution Pi Revolution Pi OS Bullseye 06/2023 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
| Revolution Pi Revolution Pi OS Bullseye 02/2024 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 |
Fixed
- Revolution Pi webstatus 2.4.6
Remediations
Vendor fix (2025-05-09T15:00:00.000Z)
Install the updated package version 2.4.6 either using apt-get update && apt-get upgrade or download it manually and install via dpkg.
For products:
- Revolution Pi webstatus <= 2.4.5
Restart required: vulnerable_component
Install the updated package version 2.4.6 either using apt-get update && apt-get upgrade or download it manually and install via dpkg.
Acknowledgments
KUNBUS PSIRT thanks the following parties for their efforts:
- Ajay Anto for reporting the issue
KUNBUS PSIRT
Namespace: https://www.kunbus.com
product-security@kunbus.com
KUNBUS GmbH develops and produces the Revolution Pi Family, Revolution Pi OS and the extension modules for RevPi amongst others. KUNBUS PSIRT is responsible for vulnerability handling across all KUNBUS products and services.
References
- URL generated by system (self): https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json
- HTML Version : https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1.0.0 | 2025-05-09T15:08:40.440451729Z | Initial Publication |
| 1.1.0 | 2025-06-05T13:28:36.991290328Z | Fixed self reference |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. KUNBUS RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.