SB2025050279 - Multiple vulnerabilities in KUNBUS Revolution Pi OS Bookworm and Revolution Pi PiCtory

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2025-24522)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to authentication is not configured by default for the Node-RED server. A remote attacker can gain full access to the Node-RED server.

2) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2025-32011)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication bypass issue. A remote attacker can bypass authentication to get access due to a path traversal.

3) Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CVE-ID: CVE-2025-35996)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper neutralisation of Server-Side Includes (SSI). A remote user can execute the filename as HTML script tag, leading to cross-site-scripting attack.

4) Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CVE-ID: CVE-2025-36558)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper neutralisation of Server-Side Includes (SSI) within the sso_token used for authentication. A remote attacker can provide the user with a PiCtory URL, leading to cross-site-scripting attack.

Remediation

Install update from vendor's website.

References

• http://packages.revolutionpi.de/pool/main/p/pictory/
• https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01