CVE-2025-41646

CRITICAL EXPLOITED NUCLEI

revpi_status < 2.4.6 - Unauthenticated Authentication Bypass via Incorrect Type Conversion

Title source: llm

Exploitation Summary

CVE-2025-41646 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including GreenForceNetworks, r0otk3r. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2025-41646, an authentication bypass in RevPi WebStatus ≤ v2.4.5. It sends a crafted JSON payload with `hashcode: true` to bypass weak type comparison logic, allowing admin login without credentials.

Description

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

Exploits (2)

nomisec WORKING POC 1 stars

by GreenForceNetworks · poc

https://github.com/GreenForceNetworks/CVE-2025-41646---Critical-Authentication-Bypass-

View Code ZIP pw:eip

This PoC exploits CVE-2025-41646, an authentication bypass in RevPi WebStatus ≤ v2.4.5. It sends a crafted JSON payload with `hashcode: true` to bypass weak type comparison logic, allowing admin login without credentials.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RevPi WebStatus v2.4.5 and below

No auth needed

Prerequisites: Network access to the target system · RevPi WebStatus endpoint exposed

MITRE ATT&CK

T1110.001 - Password Guessing T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by r0otk3r · remote

https://github.com/r0otk3r/CVE-2025-41646

View Code ZIP pw:eip

This is a Python-based exploit for CVE-2025-41646, an authentication bypass vulnerability in RevPi Webstatus <= 2.4.5. The exploit sends a crafted POST request to `/php/dal.php` to obtain a valid admin session ID.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RevPi Webstatus <= 2.4.5

No auth needed

Prerequisites: Network access to the target · RevPi Webstatus <= 2.4.5 running

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

RevPi Webstatus <= v2.4.5 - Authentication Bypass

CRITICALVERIFIEDby DhiyaneshDK

Shodan: title:"RevPi"

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003

Product vendor-advisory x_csaf

https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json

Scores

CVSS v3 9.8

EPSS 0.3384

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-07-21

CWE

CWE-704

Status published

Products (1)

kunbus/revpi_status < 2.4.6

Published Jun 06, 2025

Tracked Since Feb 18, 2026