CVE-2025-46412
published 2025-05-21

CVE-2025-46412: Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.

Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.55% (41.9th percentile)
Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
vertiv | liebert_is-unity | <= 8.4.1.0 |
vertiv | liebert_rdu101 | <= 1.9.0.0 |

Detection & IOCs (extracted from sources)

  • Target devices are Liebert RDU101 (versions 1.9.0.0 and prior) and Liebert IS-UNITY (versions 8.4.1.0 and prior); detect exploitation attempts against their webserver functions, which can be reached remotely with no authentication required (AV:N/AC:L/PR:N/UI:N)
  • Monitor for unauthenticated HTTP/HTTPS requests to protected webserver endpoints on Liebert RDU101 and IS-UNITY devices; successful exploitation requires no privileges and no user interaction, so it would appear as direct web requests that bypass authentication controls
  • These devices are deployed in Communications and Energy critical infrastructure sectors worldwide; prioritize detection and network segmentation for assets in those sectors
  • No known public exploitation has been reported at time of advisory publication; no public proof-of-concept or exploit code is referenced in the sources
  • The advisory covers two CVEs (CVE-2025-46412 authentication bypass and CVE-2025-41426 stack-based buffer overflow) affecting the same product versions; detections should account for both vulnerabilities being present simultaneously on unpatched devices
  • Patched versions (RDU101 v1.9.1.2_0000001 and IS-UNITY v8.4.3.1_00160) remediate the vulnerability; detections should focus on identifying unpatched/legacy version banners in network traffic

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X