CVE-2025-35996: KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
First published: Thu May 01 2025(Updated: )
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| : KUNBUS CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater Systems | ||
| : KUNBUS COUNTRIES/AREAS DEPLOYED: Worldwide | ||
| : KUNBUS COMPANY HEADQUARTERS LOCATION: Germany |
Remedy
KUNBUS has identified the following specific mitigations that users can apply to reduce risk: * Update PiCtory package to version 2.12 The preferred method for updating to version 2.12 is accomplished through KUNBUS's management UI Cockpit. However, users can also download the update package here http://packages.revolutionpi.de/pool/main/p/pictory/ . By end of April 2025, KUNBUS plans to release a new Cockpit plugin that helps the user to make configurations which are available in a graphical interface. In the meantime, it is recommended that users activate authentication. Please refer to this guide https://www.kunbus.com/files/media/misc/kunbus-2025-0000002-remediation.pdf for help with activating authentication.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-35996?
CVE-2025-35996 is classified as a medium-severity vulnerability affecting KUNBUS PiCtory version 2.11.1 and earlier.
How do I fix CVE-2025-35996?
To fix CVE-2025-35996, update KUNBUS PiCtory to version 2.11.2 or later, which includes the necessary security patches.
What type of vulnerability is CVE-2025-35996?
CVE-2025-35996 is a file injection vulnerability that allows an authenticated remote attacker to exploit filename manipulation.
Who is affected by CVE-2025-35996?
Organizations using KUNBUS PiCtory for critical infrastructure sectors such as manufacturing, energy, and transportation are affected by CVE-2025-35996.
What can happen if CVE-2025-35996 is exploited?
If exploited, CVE-2025-35996 could allow attackers to execute arbitrary commands on the client side due to improper filename handling.
- agent/weakness
- agent/type
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/: kunbus
- canonical/: kunbus critical infrastructure sectors: critical manufacturing, energy, transportation systems, water and wastewater systems
- canonical/: kunbus countries/areas deployed: worldwide
- canonical/: kunbus company headquarters location: germany