PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71318 Riello UPS CVE debrief

CVE-2025-71318 is a critical vulnerability in NetMan 204 that lets unauthenticated attackers reach administrative pages and commands. It has a CVSS score of 9.3 and was published on 2026-06-05T18:16:54.910Z. Without supplying any credentials, an attacker can disclose sensitive information, including the LDAP configuration and active user details, and invoke privileged UPS control commands.

Vendor: Riello UPS
Product: NetMan 204
CVSS: CRITICAL 9.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-05
Advisory published: 2026-06-05
Advisory updated: 2026-06-05

Who should care

Administrators and users of NetMan 204 should treat this as urgent and act on the defensive steps below immediately.

Technical summary

The vulnerability is caused by missing authentication enforcement on administrative pages and command endpoints in NetMan 204. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html, which disclose sensitive information including the LDAP configuration and active user details. The same lack of authentication lets an attacker invoke privileged UPS control commands, including shutdown, reboot, switch-on-bypass, and battery test, without supplying any credentials.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability.
  • Restrict access to administrative pages and commands to authorized personnel only.
  • Monitor system logs for suspicious activity.
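The third action, monitoring logs, is easiest to act on when the check is concrete. The script below is an added example and is not PatchSiren's or Riello's own code; it scans access logs from a reverse proxy or network sensor placed in front of the NetMan 204 (the device's own log format is not described on this page, so Common Log Format is assumed) and flags every request to the three administrative pages named in the technical summary. It assumes those pages are served at the web root and that legitimate UPS administration only ever originates from a hypothetical management subnet, 10.0.50.0/24; requests from anywhere else are rated high, and requests from the management subnet are still kept for review because the device itself cannot tell who sent them.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Administrative pages named in the advisory. The device does not enforce
# authentication on them, so every request to them deserves attention.
ADMIN_PAGES = {
    "/administration.html",
    "/administration-commands.html",
    "/configuration.html",
}

# Hypothetical management subnet: the only network from which UPS
# administration is expected. Adjust to your environment.
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Common Log Format as written by a reverse proxy or sensor in front of the
# device (assumed format; the NetMan 204's native log format is not on the page).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines for demonstration.
SAMPLE_LOG = [
    '10.0.50.7 - - [05/Jun/2026:10:01:02 +0000] "GET /configuration.html HTTP/1.1" 200 4120',
    '203.0.113.9 - - [05/Jun/2026:10:04:11 +0000] "GET /administration.html HTTP/1.1" 200 9031',
    '203.0.113.9 - - [05/Jun/2026:10:04:15 +0000] "GET /administration-commands.html HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/Jun/2026:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1200',
    'not a log line',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one CLF line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # match on the page, not its query string
    return rec


def is_management(src: str) -> bool:
    """True if the source address lies inside an allowed management network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in MANAGEMENT_NETS)


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per request to an administrative page."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] not in ADMIN_PAGES:
            continue
        if not is_management(rec["src"]):
            severity = "high"
            reason = "admin page requested from outside the management subnet"
        else:
            severity = "review"
            reason = "admin page requested; device cannot verify the requester"
        if rec["path"] == "/administration-commands.html":
            reason += "; UPS control command endpoint"
        findings.append({
            "src": rec["src"],
            "ts": rec["ts"],
            "path": rec["path"],
            "status": rec["status"],
            "severity": severity,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ts']} {f['src']} {f['path']} ({f['reason']})")
```

Run against the constructed sample, the script reports three findings: the management-subnet request to configuration.html for review, and two high-severity requests from 203.0.113.9, the second of them against the command endpoint. The unrelated index.html request and the malformed line are ignored. Feeding real proxy logs through `find_suspicious` gives a baseline of who touches these pages, which is also the evidence needed to confirm that the second recommended action, restricting access to authorized personnel, is actually in effect.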

Evidence notes

The vulnerability was reported by [email protected] and is documented in the following references: [ref-4](https://www.exploit-db.com/exploits/52183), [ref-5](https://www.riello-ups.com/downloads/25-netman-204), and [ref-6](https://www.vulncheck.com/advisories/netman-204-missing-authentication-for-administrative-functions).

Official resources

CVE-2025-71318 was published on 2026-06-05T18:16:54.910Z and modified on 2026-06-05T19:02:13.790Z.