CRITICAL
KUNBUS
CVE published 2025-07-10
CVE-2025-41646
CVE-2025-41646 affects KUNBUS Revolution Pi Webstatus and is rated Critical (CVSS 9.8). CISA’s CSAF advisory says the password check can be bypassed because of implicit type conversion, allowing incorrect authentication when the JSON value TRUE is supplied in the password parameter hashcode. KUNBUS provides a fixed Webstatus package version 2.4.6. The advisory also lists several Revolution Pi OS Bullseye [truncated]