## Summary
**CVE-2025-71318** is a critical authentication bypass vulnerability (CWE-306: Missing Authentication for Critical Function) affecting the Riello UPS NetMan 204 network management card. A remote, unauthenticated attacker can directly access administrative pages and privileged command endpoints over the network to disclose sensitive configuration data and remotely trigger physical UPS operations — including system shutdown — without supplying any credentials. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical).
### Technical details
– **Root cause:** The NetMan 204 web interface fails to enforce authentication on administrative pages and command endpoints; requests to protected resources are served without any credential check.
– **Trigger conditions:** No authentication, no user interaction, and no special network position required — the attacker sends a direct HTTP/HTTPS request to the vulnerable endpoint.
– **Attack vector:** Network-accessible HTTP/HTTPS management interface exposed by the NetMan 204 card. Internet-facing instances can be located through existing internet-wide scan data (passive reconnaissance), so an attacker needs no active scan of the target to find it.
– **Information disclosure impact:** Unauthenticated access to `administration.html` and `configuration.html` exposes LDAP configuration and active user account details.
– **Command execution impact:** Unauthenticated access to `administration-commands.html` allows an attacker to invoke privileged UPS control commands including `shutdown`, `reboot`, `switch-on-bypass`, and `battery test`, enabling remote sabotage of physical power infrastructure.
– **Public PoC:** A proof-of-concept exploit (Exploit-DB entry 52183) is publicly available, demonstrating unauthenticated remote command execution against the device.
### Affected software
– Riello UPS NetMan 204 – all versions (no fixed firmware release is documented at the time of writing)
### Severity
CVSS v3.1 Base Score: **9.8 (Critical)**
Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
### Mitigation and recommended actions
– **No patch is currently available.** Riello UPS has not published a firmware update addressing CVE-2025-71318. Monitor the official Riello UPS NetMan 204 downloads page for firmware updates.
– **Immediate network mitigation:** Place NetMan 204 devices behind a firewall and block all direct internet-facing access to the device’s HTTP/HTTPS management interface.
– **Network segmentation:** Isolate UPS management network cards on a dedicated out-of-band management VLAN with strict access controls, limiting connectivity to authorized management hosts only.
– **Disable unnecessary services:** If remote web management is not required, disable the HTTP/HTTPS interface on the card where the device firmware allows.
– **Audit exposure:** Review your network perimeter to identify any NetMan 204 interfaces reachable from untrusted networks and remediate immediately.
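To make the "audit exposure" step concrete, here is an added example (not code from Riello UPS, IONIX or the Exploit-DB entry) that probes the three pages named above without credentials and classifies the answer, plus a small log triage routine for a reverse proxy or WAF placed in front of the card. It assumes the pages live at the web root, that a correctly protected card answers an unauthenticated GET with 401/403, a redirect to a login page, or a login form, and that front-end logs are in combined log format. Only GET requests are sent and nothing on `administration-commands.html` is submitted; if you are not certain that a plain GET on that page is side-effect free on your firmware, drop it from `SENSITIVE_PAGES` before probing.

```python
"""
Exposure check and log triage for the NetMan 204 unauthenticated-access issue.
Added example, not code from Riello UPS, IONIX or the Exploit-DB entry.
Assumptions: the three pages named in the advisory live at the web root; a
protected card answers an unauthenticated GET with 401/403, a redirect to a
login page, or a login form. Only GET requests are sent and nothing on
administration-commands.html is submitted, so no UPS command is invoked.
"""
import ipaddress
import re
import ssl
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

# Pages named in the advisory (the root-relative paths are an assumption).
SENSITIVE_PAGES = (
    "/administration.html",
    "/configuration.html",
    "/administration-commands.html",
)

# Heuristic markers for "you got a login form, not the page". Tune per device.
_LOGIN_MARKERS = re.compile(r"(?i)type=[\"']?password|\blog ?in\b|\bsign ?in\b")


@dataclass
class ProbeResult:
    path: str
    status: int
    exposed: bool
    reason: str


def classify(path: str, status: int, location: Optional[str], body: str) -> ProbeResult:
    """Decide whether an unauthenticated GET reached the privileged page."""
    if status in (401, 403):
        return ProbeResult(path, status, False, "credentials required")
    if 300 <= status < 400:
        return ProbeResult(path, status, False, f"redirected to {location or '(no Location)'}")
    if status != 200:
        return ProbeResult(path, status, False, f"unexpected status {status}")
    if _LOGIN_MARKERS.search(body):
        return ProbeResult(path, status, False, "login form served instead of page")
    return ProbeResult(path, status, True, "page served without authentication")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Surface 3xx as HTTPError instead of silently following it to the login page.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, timeout: float = 5.0) -> list:
    """GET each sensitive page without credentials and classify the answer."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # cards usually carry self-signed certs;
    ctx.verify_mode = ssl.CERT_NONE     # acceptable for an exposure audit only
    opener = urllib.request.build_opener(
        _NoRedirect(), urllib.request.HTTPSHandler(context=ctx))
    results = []
    for path in SENSITIVE_PAGES:
        url = base_url.rstrip("/") + path
        try:
            with opener.open(url, timeout=timeout) as resp:
                body = resp.read(65536).decode("utf-8", "replace")
                results.append(classify(path, resp.status, resp.headers.get("Location"), body))
        except urllib.error.HTTPError as e:      # 3xx/4xx/5xx land here
            body = e.read(65536).decode("utf-8", "replace")
            results.append(classify(path, e.code, e.headers.get("Location"), body))
        except (urllib.error.URLError, OSError) as e:
            results.append(ProbeResult(path, 0, False, f"unreachable: {e}"))
    return results


# Combined-log-format line from a reverse proxy or WAF placed in front of the card.
_LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def flag_requests(log_lines, allowed_networks) -> list:
    """Return (ip, path) for hits on the sensitive pages from outside the mgmt nets."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path not in SENSITIVE_PAGES:
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        if not any(ip in n for n in nets):
            hits.append((m.group("ip"), path))
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:               # e.g. python netman_check.py https://10.0.5.7
        for r in probe(sys.argv[1]):
            print(f"{'EXPOSED' if r.exposed else 'ok     '} {r.path}: {r.reason}")
    else:                               # offline demo on constructed log lines
        sample = [
            '10.0.5.20 - - [01/Jan/2025:10:00:00 +0000] "GET /administration.html HTTP/1.1" 200 4521',
            '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /administration-commands.html HTTP/1.1" 200 3310',
            '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 812',
        ]
        for ip, path in flag_requests(sample, ["10.0.5.0/24"]):
            print(f"ALERT {ip} reached {path} from outside the management network")
```

Run it with a base URL to audit one card from a host that is allowed to reach it; run it with no arguments to see the log triage on the constructed sample. A 200 on any of the three pages with real page content (no login form) is the condition the advisory describes; a redirect to a login page or a 401/403 is the expected behaviour of a properly protected interface. The login-form heuristic is deliberately simple, so confirm any "exposed" verdict manually before escalating.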
## IONIX Status
The IONIX research team is tracking ongoing exploitation attempts. Since no firmware fix has been published, apply the network mitigations above now and install the vendor update as soon as Riello UPS releases one. Potentially affected assets are outlined in this post.