CVE-2025-41646
Published: 06 June 2025
Summary
CVE-2025-41646 is a critical-severity Incorrect Type Conversion or Cast (CWE-704) vulnerability in Kunbus Revpi Status. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 2.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-41646 is an authentication bypass vulnerability in a KUNBUS software package, stemming from incorrect type conversion as classified under CWE-704. The flaw carries a CVSS 3.1 base score of 9.8 and permits remote attackers to circumvent authentication controls, resulting in full compromise of the affected device.
An unauthenticated remote attacker can exploit the issue over the network with low attack complexity and no user interaction required. Successful exploitation grants complete control of the device, including the ability to read, modify, or disrupt its data and functionality.
Vendor advisories published by KUNBUS provide further details on the affected package and recommended actions; they are available at the referenced PSIRT JSON and product security pages. The associated EPSS score has remained at 0.3384 since disclosure with no material increase observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17316
Vulnerability details
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
- CWE(s): CWE-704 (Incorrect Type Conversion or Cast)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.