Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-41765
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-09 Mar, 2026 | 08:17
Updated At-09 Mar, 2026 | 20:14
Rejected At-
▼CVE Numbering Authority (CNA)
Unchecked role in wwwupload.cgi

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.

Affected Products
Vendor
MBS
Product
UBR-01 Mk II
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 6.0.1.0 (semver)
Vendor
MBS
Product
UBR-02
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 6.0.1.0 (semver)
Vendor
MBS
Product
UBR-LON
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 6.0.1.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Adrien Rey from Cyber Defense Campus Zurich
finder
Daniel Hulliger from Armasuisse
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.mbs-solutions.de/mbs-2025-0001
N/A
Hyperlink: https://www.mbs-solutions.de/mbs-2025-0001
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found