CVE-2025-41756
CVE-2025-41756
8.1
HighPublished:
Last updated:
Source:info@cert.vde.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- High
- Availability
- High
Description
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
References
info@cert.vde.com
https://www.mbs-solutions.de/mbs-2025-0001