#VU108169 Authentication Bypass by Primary Weakness in Revolution Pi PiCtory - CVE-2025-32011


Vulnerability identifier: #VU108169

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-32011

CWE-ID: CWE-305

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Revolution Pi PiCtory
Other software / Other software solutions

Vendor: Kunbus

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication bypass issue. A remote attacker can bypass authentication to get access due to a path traversal.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Revolution Pi PiCtory: 2.5.0 - 2.11.1

External links
https://packages.revolutionpi.de/pool/main/p/pictory/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in KUNBUS Revolution Pi OS Bookworm and Revolution Pi PiCtory