CVE-2025-24522

10.0 CRITICAL

📋 TL;DR

KUNBUS Revolution Pi OS Bookworm 01/2025 has no authentication configured by default for its Node-RED server, allowing unauthenticated remote attackers to gain full access. This enables arbitrary command execution on the underlying operating system. Organizations using Revolution Pi devices with this OS version are affected.

💻 Affected Systems

Products:
  • KUNBUS Revolution Pi OS Bookworm
Versions: 01/2025
Operating Systems: Revolution Pi OS based on Debian Bookworm
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Node-RED server enabled and default authentication configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, pivot to other systems, or disrupt industrial operations.

🟠

Likely Case

Unauthenticated attackers gaining Node-RED server access to run commands, potentially disrupting operations or establishing persistence.

🟢

If Mitigated

Limited impact if authentication is properly configured and network access is restricted.

🌐 Internet-Facing: HIGH - Unauthenticated remote access to Node-RED server allows full system compromise from anywhere.
🏢 Internal Only: HIGH - Even internally, unauthenticated access enables lateral movement and privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to the Node-RED server port (default 1880).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01

Restart Required: Yes

Instructions:

  1. Update Revolution Pi OS to latest version.
  2. Configure Node-RED authentication.
  3. Restart Node-RED service.

🔧 Temporary Workarounds

Enable Node-RED Authentication

linux

Configure authentication for Node-RED server to require credentials

Edit Node-RED settings.js file to enable authentication
Add adminAuth configuration with secure credentials
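
One way to check a settings.js for the condition described above, as an added example that is not code from this page or from KUNBUS. The keys adminAuth, users, default, permissions, uiHost and uiPort are Node-RED settings; the function name, the sample objects and the placeholder hash are constructed for illustration.

```javascript
// Audit a Node-RED settings object (the value settings.js exports).
// adminAuth, users, default, permissions and uiHost are Node-RED settings keys;
// the function name and the sample objects are assumptions for this example.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

function auditNodeRedSettings(settings) {
  const findings = [];
  const auth = settings.adminAuth;
  if (!auth) {
    // The state this CVE describes: editor and admin API need no login.
    findings.push("adminAuth is not set: editor and admin API are open");
  } else {
    // users may also be a function (custom lookup); only arrays are checked.
    if (auth.type === "credentials" && Array.isArray(auth.users)) {
      if (auth.users.length === 0) findings.push("adminAuth.users is empty");
      for (const u of auth.users) {
        if (!BCRYPT_RE.test(String(u.password || ""))) {
          findings.push(`user "${u.username}": password is not a bcrypt hash`);
        }
      }
    }
    // adminAuth.default sets what an anonymous visitor is allowed to do.
    const anon = auth.default ? [].concat(auth.default.permissions || []) : [];
    if (anon.includes("*")) {
      findings.push("adminAuth.default gives anonymous users full access");
    }
  }
  // With uiHost unset, Node-RED listens on all IPv4 interfaces.
  if (!settings.uiHost || ["0.0.0.0", "::"].includes(settings.uiHost)) {
    findings.push("uiHost is not restricted: port reachable on every interface");
  }
  return findings;
}

// Constructed samples. The hash is a format placeholder, not a real bcrypt hash.
const PLACEHOLDER_HASH = "$2b$08$" + "A".repeat(53);
const noAuthSettings = { uiPort: 1880 };
const hardenedSettings = {
  uiPort: 1880,
  uiHost: "127.0.0.1",
  adminAuth: {
    type: "credentials",
    users: [{ username: "admin", password: PLACEHOLDER_HASH, permissions: "*" }],
  },
};

console.log(auditNodeRedSettings(noAuthSettings));
console.log(auditNodeRedSettings(hardenedSettings));
```

A real password hash for adminAuth.users is generated with `node-red admin hash-pw`; binding uiHost to 127.0.0.1 assumes the editor is reached locally or through an authenticated proxy.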

Restrict Network Access

linux

Block external access to Node-RED port using firewall

sudo ufw deny 1880
sudo iptables -A INPUT -p tcp --dport 1880 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Revolution Pi devices
  • Configure Node-RED authentication immediately and change default credentials

🔍 How to Verify

Check if Vulnerable:

Check if Node-RED server is accessible without authentication on port 1880

Check Version:

Check OS version in /etc/os-release or via vendor documentation

Verify Fix Applied:

Verify authentication is required when accessing Node-RED web interface

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to Node-RED
  • Unusual command execution via Node-RED flows

Network Indicators:

  • External connections to port 1880
  • Unusual traffic patterns to/from Revolution Pi

SIEM Query:

destination_port:1880 AND NOT (user:* OR auth_success:true)
