PatchSiren

CVE-2025-46412 Vertiv CVE debrief

CVE-2025-46412 is a critical Vertiv issue affecting Liebert RDU101 and Liebert IS-UNITY webserver functions. According to the CISA CSAF advisory, the affected products do not properly protect webserver functions, which could allow an attacker to bypass authentication. Vertiv provides fixes for the affected versions, and the issue was published on 2025-05-20.

Vendor: Vertiv
Product: Liebert RDU101
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-20
Original CVE updated: 2025-05-20
Advisory published: 2025-05-20
Advisory updated: 2025-05-20

Who should care

OT/ICS operators using Vertiv Liebert RDU101 or Liebert IS-UNITY, especially teams responsible for remote management interfaces, network segmentation, patching, and asset inventory. Security teams should also prioritize any internet-exposed or broadly reachable management interfaces.

Technical summary

The advisory describes an authentication-bypass weakness in webserver functionality for Vertiv products. Affected versions are Vertiv Liebert RDU101 <= 1.9.0.0 and Vertiv Liebert IS-UNITY <= 8.4.1.0. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, consistent with a network-reachable issue that can have high confidentiality, integrity, and availability impact. Vertiv lists fixed versions: Liebert RDU101 v1.9.1.2_0000001 and IS-UNITY v8.4.3.1_00160.

Defensive priority

Immediate. This is a critical, remotely reachable authentication-bypass issue with vendor fixes available and high potential impact in industrial environments.

Recommended defensive actions

  • Upgrade Vertiv Liebert RDU101 to v1.9.1.2_0000001.
  • Upgrade Vertiv Liebert IS-UNITY to v8.4.3.1_00160.
  • Restrict access to device web management interfaces to trusted administrative networks only.
  • Review exposure of affected management interfaces and remove any unnecessary internet or broad network reachability.
  • Validate asset inventory to confirm whether either affected product is deployed and at a vulnerable version.
  • Use Vertiv's security support center for vendor guidance and coordination.
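
The inventory validation step above can be scripted. The following is an added example, not code from Vertiv, CISA, or the advisory; it assumes an inventory export with hypothetical columns asset, product and firmware, and the sample rows are constructed. The affected ceilings and fixed versions are the ones stated on this page.

```python
import csv
import io
import re

# Affected ceilings and fixed versions as stated in the advisory summary on this page.
AFFECTED = {
    "liebert rdu101": {"max_affected": (1, 9, 0, 0), "fixed": "v1.9.1.2_0000001"},
    "liebert is-unity": {"max_affected": (8, 4, 1, 0), "fixed": "v8.4.3.1_00160"},
}

def parse_version(text):
    """Turn 'v1.9.1.2_0000001' or '1.9.0.0' into a 4-tuple; None if unparseable."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){0,3})", text or "", re.IGNORECASE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory_csv):
    """Return (asset, status, detail) for each inventory row naming an affected product."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Normalise "Vertiv Liebert RDU101" and "Liebert RDU101" to the same key.
        product = " ".join(row["product"].lower().replace("vertiv", "").split())
        rule = AFFECTED.get(product)
        if rule is None:
            continue  # product is not named in the advisory
        version = parse_version(row.get("firmware"))
        if version is None:
            # Missing or free-text firmware fields must not be silently treated as safe.
            findings.append((row["asset"], "UNKNOWN", "verify firmware manually"))
        elif version <= rule["max_affected"]:
            findings.append((row["asset"], "VULNERABLE", "upgrade to " + rule["fixed"]))
        else:
            findings.append((row["asset"], "OK", "above the advisory's affected range"))
    return findings

# Constructed sample inventory (hypothetical asset names and column layout).
SAMPLE = """asset,product,firmware
crac-01,Vertiv Liebert RDU101,1.9.0.0
crac-02,Liebert RDU101,v1.9.1.2_0000001
ups-07,Liebert IS-UNITY,8.4.1.0
ups-08,Vertiv Liebert IS-UNITY,v8.4.3.1_00160
ups-09,Liebert IS-UNITY,unknown
pdu-03,Other PDU,2.0
"""

if __name__ == "__main__":
    for asset, status, detail in triage(SAMPLE):
        print(f"{asset:8} {status:10} {detail}")
```

Rows reported as UNKNOWN should be checked on the device itself, since an unreadable firmware field says nothing about whether the unit is patched.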

Evidence notes

All claims above are drawn from the supplied CISA CSAF advisory for ICSA-25-140-10 and the embedded product/version and remediation fields. The advisory states that affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. The supplied enrichment marks the issue as not listed in CISA KEV. No exploitation details beyond the advisory text were provided in the corpus.

Official resources

CVE-2025-46412 was published on 2025-05-20 in CISA advisory ICSA-25-140-10 (initial publication). The supplied source identifies Vertiv as the vendor and lists affected products and fixed versions.