CVE-2025-24522

Summary

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
KUNBUS GmbHRevolution Pi OS Bookworm0 <= 01/2025affected

Weaknesses

  • CWE-305: CWE-305

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References