KUNBUS RevPi Webstatus

CVSS 9.8 | ICS-CERT ICSA-25-191-09 | Jul 10, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Revolution Pi Webstatus interface contains an authentication bypass flaw (CWE-303, incorrect implementation of an authentication algorithm) that lets an unauthenticated attacker reach the application without valid credentials. Successful exploitation gives full administrative access to the RevPi system. Webstatus is the web-based management interface commonly used for remote monitoring and configuration of Revolution Pi industrial computers. The flaw affects Webstatus versions 2.4.5 and prior. Mitigation consists of updating to version 2.4.6, restricting network access to the interface, and isolating RevPi devices from untrusted networks.

What this means
What could happen
An attacker could bypass authentication on the Webstatus interface and gain full administrative access to RevPi industrial computers, potentially allowing them to modify configuration, stop processes, or alter sensor readings and control outputs.
Who's at risk
Water authorities, municipalities, and utilities operating Revolution Pi industrial computers for equipment control, sensor monitoring, or gateway functions. This includes any facility using RevPi for automation, data aggregation, or process monitoring.
How it could be exploited
An attacker on the network with access to the Webstatus interface (typically port 8088) can send a crafted request that bypasses the authentication mechanism, gaining immediate access to administrative functions without valid credentials.
Prerequisites
  • Network access to the Webstatus interface (typically port 8088)
  • No valid credentials required
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • High EPSS score (33.8%)
  • Critical CVSS score (9.8)
Exploitability
Likely to be exploited — EPSS score 33.8%
Public Proof-of-Concept (PoC) on GitHub (2 repositories)
Affected products (6)
1 with fix, 5 EOL
Product                              | Affected Versions | Fix Status
Revolution Pi Webstatus              | ≤ 2.4.5           | 2.4.6
Revolution Pi OS Bullseye: 04/2024   | 04/2024           | No fix (EOL)
Revolution Pi OS Bullseye: 09/2023   | 09/2023           | No fix (EOL)
Revolution Pi OS Bullseye: 07/2023   | 07/2023           | No fix (EOL)
Revolution Pi OS Bullseye: 06/2023   | 06/2023           | No fix (EOL)
Revolution Pi OS Bullseye: 02/2024   | 02/2024           | No fix (EOL)
Remediation & Mitigation
Do now
HOTFIX: Update Revolution Pi Webstatus to version 2.4.6 or later using apt-get update && apt-get upgrade, or by downloading and installing the package manually via dpkg
WORKAROUND: Restrict network access to the Webstatus interface (port 8088) using firewall rules so that only trusted engineering workstations or management networks can connect
HARDENING: Place RevPi devices behind a firewall and isolate them from the business network; do not expose the Webstatus interface to the Internet
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Revolution Pi OS Bullseye: 04/2024, Revolution Pi OS Bullseye: 09/2023, Revolution Pi OS Bullseye: 07/2023, Revolution Pi OS Bullseye: 06/2023, Revolution Pi OS Bullseye: 02/2024. Apply the following compensating controls:
HARDENING: If remote access is required, use a VPN to provide secure tunnel access rather than exposing the interface directly
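The hotfix check and the port-8088 workaround above, and the same port restriction for the EOL Bullseye images, as an added example script; this is not code from the advisory or from KUNBUS. It assumes the Webstatus Debian package is named "revpi-webstatus" (an assumed name) and that nftables is available on the device; the fixed version 2.4.6 and port 8088 are the advisory's own figures.

```shell
#!/bin/sh
# Added example, not code from the advisory or from KUNBUS. Assumed: the
# Debian package is named "revpi-webstatus" and nftables is installed; the
# fixed version 2.4.6 and port 8088 are the advisory's own figures.

FIXED_VERSION="2.4.6"   # first fixed Webstatus release (from the advisory)
WEBSTATUS_PORT=8088     # Webstatus listener (from the advisory)

# version_lt A B: succeed (0) when dotted version A is older than B.
# Pure POSIX; Debian revision suffixes such as "2.4.5-1" are ignored.
version_lt() {
  a=${1%%[-+~]*} b=${2%%[-+~]*}
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
    [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
  done
  return 1
}

# webstatus_status VERSION: succeed at/above the fix, fail (1) if affected.
webstatus_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo "AFFECTED: Webstatus $1 < $FIXED_VERSION (ICSA-25-191-09)"
    return 1
  fi
  echo "OK: Webstatus $1 >= $FIXED_VERSION"
}

# webstatus_nft_rules CIDR: print an nftables ruleset that accepts TCP/8088
# only from the trusted management network CIDR and drops all other sources.
webstatus_nft_rules() {
  cat <<EOF
table inet revpi_webstatus {
  chain input {
    type filter hook input priority 0; policy accept;
    ip saddr $1 tcp dport $WEBSTATUS_PORT accept
    tcp dport $WEBSTATUS_PORT drop
  }
}
EOF
}

# On a RevPi: ./revpi_webstatus_check.sh --apply 10.10.0.0/24
if [ "${1:-}" = "--apply" ]; then
  inst=$(dpkg-query -W -f='${Version}' revpi-webstatus 2>/dev/null || echo 0)
  webstatus_status "$inst" || webstatus_nft_rules "${2:-10.10.0.0/24}" | nft -f -
fi
```

The ruleset keeps the chain policy at accept so only the Webstatus port is affected; load it on EOL devices too, since those get no package update.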