What is the Vulnerability?

FortiGuard Labs has detected active attack attempts targeting the Kunbus Revolution Pi Webstatus authentication bypass vulnerability (CVE-2025-41646), a flaw that allows remote attackers to log in without a password by exploiting improper credential handling.

A public proof-of-concept is already available, increasing the likelihood of widespread exploitation. The vulnerability can be triggered over the network without user interaction, granting attackers full administrative control of affected devices. Since Revolution Pi systems are frequently deployed in industrial and operational technology environments, successful exploitation could lead to unauthorized system control, data manipulation, or disruption of critical processes.

CISA has issued an ICS/OT advisory for this threat and urges organizations to update their systems immediately.

What is the recommended Mitigation?

• Upgrade affected systems to Revolution Pi Webstatus version 2.4.6, which addresses and corrects the authentication logic flaw.

• Refer to the Kunbus PSIRT advisory (Kunbus-2025-0000003) for full details, including patch availability, installation instructions, and additional risk-reduction guidance.

What FortiGuard Coverage is available?

• FortiGuard IPS protection is available to detect and block attacks related to CVE-2025-41646 (Kunbus RevPi Webstatus Authentication Bypass).

• FortiGuard IoT Device Detection service is available to detect the Kunbus RevPi in your network.

• Antimalware and Sandbox Service delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.