CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41755

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://www.mbs-solutions.de/mbs-2025-0001

Products affected by CVE-2025-41755

Mbs-Solutions » Ubr-01 Mk Ii » Version: N/A

cpe:2.3:h:mbs-solutions:ubr-01_mk_ii:-
Mbs-Solutions » Ubr-02 » Version: N/A

cpe:2.3:h:mbs-solutions:ubr-02:-
Mbs-Solutions » Ubr-Lon » Version: N/A

cpe:2.3:h:mbs-solutions:ubr-lon:-
Mbs-Solutions » Universal Bacnet Router Firmware » Version: Any

cpe:2.3:o:mbs-solutions:universal_bacnet_router_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41755

Products

Pricing

Contact Us