
Riello NetMan 204 CVE-2025-71318

EUVD-2025-210079 · CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-06-05 VulnCheck GHSA-hpq5-cjqx-ppvm
9.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

Analysis Generated
Jun 05, 2026 - 18:34 vuln.today
CVSS changed
Jun 05, 2026 - 18:22 NVD
9.8 (CRITICAL) → 9.3 (CRITICAL)

Description (CVE.org)

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands - including shutdown, reboot, switch-on-bypass, and battery test - without supplying any credentials.

Analysis (AI)

Unauthenticated administrative access in Riello UPS NetMan 204 network management cards allows remote attackers to read sensitive configuration and invoke privileged power-control commands simply by requesting the administrative pages directly. The flaw is rated 9.3 under CVSS 4.0, and publicly available exploit code exists (Exploit-DB 52183), so an attacker can trigger UPS shutdown, reboot, bypass switching, and battery tests against the protected infrastructure without any credentials.

Technical Context (AI)

The NetMan 204 is a network management card used to remotely monitor and control Riello uninterruptible power supplies over HTTP, SNMP, and Modbus. The flaw is a classic CWE-306 (Missing Authentication for Critical Function): administrative endpoints such as administration.html, administration-commands.html, and configuration.html are served by the embedded web interface without any session check, so the authentication layer that protects the login UI is not enforced on the underlying handlers. Because the same handlers expose LDAP credentials, user data, and UPS control primitives (shutdown, reboot, switch-on-bypass, battery test), an attacker who can reach the card's HTTP port effectively gains full administrative authority over the UPS.

Remediation (AI)

Apply the firmware update available from Riello's download portal at https://www.riello-ups.com/downloads/25-netman-204. An exact patched firmware version is not enumerated in the provided data, so administrators should consult the vendor page and the VulnCheck advisory (https://www.vulncheck.com/advisories/netman-204-missing-authentication-for-administrative-functions) for the fixed build number.

Until patching is complete, restrict the NetMan 204 web management interface to a dedicated management VLAN or jump host using firewall ACLs (blocking inbound TCP/80 and TCP/443 from user, server, and internet networks); this preserves local administrative use while eliminating remote unauthenticated access. Additional compensating controls include placing the card behind an authenticating reverse proxy that enforces credentials before forwarding requests to the administration*.html and configuration.html endpoints, and monitoring HTTP access logs for unauthenticated GETs to those paths, accepting that legitimate scripted integrations may need to be reconfigured to traverse the proxy.
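The log-monitoring control above, as an added example (not part of the vuln.today record or any Riello tooling): it parses combined-format access log lines captured at a reverse proxy in front of the card and flags requests for the unauthenticated administrative paths named in the description that do not originate from an assumed management network (the 10.99.0.0/24 range and the sample log lines are constructed for illustration).

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Paths the CVE description lists as served without an authentication check.
ADMIN_PATH_RE = re.compile(
    r"^/(administration(-commands)?\.html|configuration\.html)(\?.*)?$"
)

# Assumption: only hosts in this management VLAN should ever reach the card.
MANAGEMENT_NETS = [ipaddress.ip_network("10.99.0.0/24")]

# Combined/common log format as written by Apache or nginx.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

class Alert(NamedTuple):
    src: str
    ts: str
    method: str
    path: str
    status: int

def is_management_host(src: str) -> bool:
    """True if src is an IP address inside an allow-listed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MANAGEMENT_NETS)

def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(lines) -> list:
    """Return one Alert per admin-path request from outside the management VLAN."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not ADMIN_PATH_RE.match(rec["path"]):
            continue
        if is_management_host(rec["src"]):
            continue
        alerts.append(Alert(rec["src"], rec["ts"], rec["method"], rec["path"], int(rec["status"])))
    return alerts

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.99.0.5 - - [05/Jun/2026:18:01:02 +0000] "GET /administration.html HTTP/1.1" 200 4312',
    '203.0.113.7 - - [05/Jun/2026:18:01:09 +0000] "GET /configuration.html HTTP/1.1" 200 2890',
    '203.0.113.7 - - [05/Jun/2026:18:01:15 +0000] "GET /administration-commands.html HTTP/1.1" 200 512',
    '198.51.100.2 - - [05/Jun/2026:18:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG):
        print(f"ALERT {a.ts} {a.src} {a.method} {a.path} -> {a.status}")
```

Only the two requests from 203.0.113.7 are reported; the management-VLAN request and the non-administrative page are ignored.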


CVE-2025-71318 vulnerability details – vuln.today
