Kunbus RevPi Webstatus Authentication Bypass

Blog

Byadmblake September 11, 2025

What is the Vulnerability? FortiGuard Labs has detected active attack attempts targeting the Kunbus Revolution Pi Webstatus authentication bypass vulnerability (CVE-2025-41646), a flaw that allows remote attackers to log in without a password by exploiting improper credential handling. A public proof-of-concept is already available, increasing the likelihood of widespread exploitation. The vulnerability can be triggered…

What is the Vulnerability?

FortiGuard Labs has detected active attack attempts targeting the Kunbus Revolution Pi Webstatus authentication bypass vulnerability (CVE-2025-41646), a flaw that allows remote attackers to log in without a password by exploiting improper credential handling.

A public proof-of-concept is already available, increasing the likelihood of widespread exploitation. The vulnerability can be triggered over the network without user interaction, granting attackers full administrative control of affected devices. Since Revolution Pi systems are frequently deployed in industrial and operational technology environments, successful exploitation could lead to unauthorized system control, data manipulation, or disruption of critical processes.

CISA has issued an ICS/OT advisory for this threat and urges organizations to update their systems immediately.

What is the recommended Mitigation?

• Upgrade affected systems to Revolution Pi Webstatus version 2.4.6, which addresses and corrects the authentication logic flaw.

• Refer to the Kunbus PSIRT advisory (Kunbus-2025-0000003) for full details, including patch availability, installation instructions, and additional risk-reduction guidance

What FortiGuard Coverage is available?

• FortiGuard IPS protection is available to detect and block attacks related to (CVE-2025-41646) Kunbus RevPi Webstatus Authentication Bypass.

Intrusion Prevention | FortiGuard Labs

• FortiGuard IoT Device Detection service is available to detect the Kunbus RevPi in your network.

IoT Device Detection | FortiGuard Labs

• Antimalware and Sandbox Service delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Blog

Feds Shutter ShinyHunters Salesforce Extortion Site

The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active.

Read More Feds Shutter ShinyHunters Salesforce Extortion Site
Blog

US Nuclear Agency Hacked in Microsoft SharePoint Frenzy

Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyberespionage groups.

Read More US Nuclear Agency Hacked in Microsoft SharePoint Frenzy
Blog

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when

Read More TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
Blog

Building Resilient IT Infrastructure From the Start

CISA’s Secure by Design planted a flag. Now, it’s on those who care about safeguarding systems to pick up the torch and take action to secure systems throughout the enterprise.

Read More Building Resilient IT Infrastructure From the Start
Blog

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions

Read More Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
Blog

⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders,…

Read More ⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Related