CVE-2025-41772
CVE-2025-41772
7.5
HighPublished:
Last updated:
Source:info@cert.vde.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- None
- Availability
- None
Description
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
References
info@cert.vde.com
https://www.mbs-solutions.de/mbs-2025-0001