CVE-2025-46412
Published 2025-05-21
Priority: P2 (62) · CVSS 3.1 base score 9.8 (critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.9th percentile)
Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vertiv | liebert_is-unity | <= 8.4.1.0 | 8.4.3.1_00160 |
| vertiv | liebert_rdu101 | <= 1.9.0.0 | 1.9.1.2_0000001 |
Detection & IOCs (extracted from sources)
- Target devices are Liebert RDU101 (versions 1.9.0.0 and prior) and Liebert IS-UNITY (versions 8.4.1.0 and prior); detect exploitation attempts against their webserver functions, which can be reached remotely with no authentication required (AV:N/AC:L/PR:N/UI:N).
- Monitor for unauthenticated HTTP/HTTPS requests to protected webserver endpoints on Liebert RDU101 and IS-UNITY devices; successful exploitation requires no privileges and no user interaction, so the indicator is direct web requests that reach protected functions without first authenticating.
- These devices are deployed in the Communications and Energy critical infrastructure sectors worldwide; prioritize detection and network segmentation for assets in those sectors.
- No known public exploitation had been reported at the time of advisory publication; no public proof-of-concept or exploit code is referenced in the sources.
- The advisory covers two CVEs (CVE-2025-46412, authentication bypass, and CVE-2025-41426, stack-based buffer overflow) affecting the same product versions; detections should account for both vulnerabilities being present simultaneously on unpatched devices.
- Patched versions (RDU101 v1.9.1.2_0000001 and IS-UNITY v8.4.3.1_00160) remediate the vulnerability; detections should focus on identifying unpatched/legacy version banners in network traffic and asset inventories.
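The last point above reduces to a version comparison against the affected ceilings and fixed releases stated in the advisory, which is easy to get wrong with string comparison (for example "1.9.1.2" sorts before "1.9.10.0" lexically, and Vertiv appends a build suffix such as "_00160"). The script below is an added example written for this page, not vendor, CISA or aggregator code. It parses the vendor version format, classifies each asset as vulnerable, fixed, or in the unstated gap between the affected ceiling and the fixed release, and runs over a constructed asset inventory; the product keys mirror the Affected table, and the record format is an assumption.

```python
"""Inventory triage for CVE-2025-46412 (Vertiv Liebert RDU101 / IS-UNITY).

Added example for this page; not vendor or advisory code. Version
ceilings and fixed releases are taken from the advisory text, the asset
records at the bottom are constructed, and the record layout
(asset, product, version) is an assumption.
"""
import re
from typing import Dict, List, Tuple

# Affected ceilings ("and prior") and fixed builds stated in the advisory.
ADVISORY = {
    "liebert_rdu101":   {"affected_max": "1.9.0.0", "fixed": "1.9.1.2_0000001"},
    "liebert_is-unity": {"affected_max": "8.4.1.0", "fixed": "8.4.3.1_00160"},
}

# Accepts "8.4.3.1", "v8.4.3.1", "8.4.3.1_00160"; rejects anything else
# so a garbled banner is reported instead of silently mis-ranked.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:_(\d+))?$")

Version = Tuple[Tuple[int, ...], int]


def parse_version(text: str) -> Version:
    """Split 'v8.4.3.1_00160' into ((8, 4, 3, 1), 160).

    Numeric components are compared as integers, never as strings, and
    short versions are zero-padded to four components so '1.8.2' ranks
    as 1.8.2.0. The build suffix is a secondary key.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 4:
        parts = parts + (0,) * (4 - len(parts))
    build = int(m.group(2)) if m.group(2) else 0
    return parts, build


def classify(product: str, version: str) -> str:
    """Return 'vulnerable', 'fixed', 'unknown' or 'not_in_scope'.

    'vulnerable' uses the release number only, because the advisory
    says '1.9.0.0 and prior' without qualifying by build. 'unknown'
    covers releases above the affected ceiling but below the fixed
    build; the advisory does not state whether those are affected.
    """
    entry = ADVISORY.get(product.lower())
    if entry is None:
        return "not_in_scope"
    release, build = parse_version(version)
    if release <= parse_version(entry["affected_max"])[0]:
        return "vulnerable"
    if (release, build) >= parse_version(entry["fixed"]):
        return "fixed"
    return "unknown"


def triage(records: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group asset names by classification; unparsable banners get 'error'."""
    out: Dict[str, List[str]] = {}
    for asset, product, version in records:
        try:
            label = classify(product, version)
        except ValueError:
            label = "error"
        out.setdefault(label, []).append(asset)
    return out


# Constructed inventory records, not real devices.
SAMPLE_INVENTORY = [
    ("rdu-dc1-rack07",  "liebert_rdu101",   "1.9.0.0"),
    ("rdu-dc1-rack12",  "liebert_rdu101",   "1.8.2"),
    ("rdu-dc2-rack01",  "liebert_rdu101",   "v1.9.1.2_0000001"),
    ("unity-ups-a",     "liebert_is-unity", "8.4.1.0"),
    ("unity-ups-b",     "liebert_is-unity", "8.4.2.0"),
    ("unity-ups-c",     "liebert_is-unity", "8.4.3.1_00160"),
    ("unity-ups-d",     "liebert_is-unity", "firmware?"),
    ("pdu-other-vendor", "acme_pdu",        "3.1.0"),
]

if __name__ == "__main__":
    for label, assets in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{label:13s} {', '.join(assets)}")
```

Assets in the "unknown" bucket deserve a manual check against the vendor's release notes rather than being marked safe; the advisory only vouches for the two fixed builds it names.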
CVSS provenance
NVD · CVSS v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v4.0 · 9.3 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-8g7p-j56f-qh5f: Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication
GHSA (unreviewed) · 2025-05-21 · CVE-2025-46412 · CRITICAL · CWE-288 (Authentication Bypass Using an Alternate Path or Channel)
CISA ICS
Vertiv Liebert RDU101 and UNITY
CISA ICS advisory · 2025-05-20 · CVSS 9.8 · CRITICAL
ICS Advisory
## Vertiv Liebert RDU101 and UNITY
Release Date: May 20, 2025
Alert Code: ICSA-25-140-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Vertiv
- Equipment: Liebert RDU101 and Liebert UNITY
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or achieve remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Vertiv products are affected:
- Liebert RDU101: Versions 1.9.0.0 and prior
No detection rules found.
No public exploits indexed.
Published 2025-05-21