Vulnerability Description
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mbs-Solutions | Universal BACnet Router Firmware | < 6.0.1.0 |
| Mbs-Solutions | UBR-01 Mk II | - |
| Mbs-Solutions | UBR-02 | - |
| Mbs-Solutions | UBR-LON | - |
Related Weaknesses (CWE)
References
- https://www.mbs-solutions.de/mbs-2025-0001 (Vendor Advisory)
FAQ
What is CVE-2025-41765?
CVE-2025-41765 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact ...
How severe is CVE-2025-41765?
CVE-2025-41765 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-41765?
Check the references section above for vendor advisories and patch information. Affected products include: Mbs-Solutions Universal BACnet Router Firmware, Mbs-Solutions UBR-01 Mk II, Mbs-Solutions UBR-02, Mbs-Solutions UBR-LON.