CVE-2025-41765— Unchecked role in wwwupload.cgi
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41765
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unchecked role in wwwupload.cgi
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
MBS多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MBS UBR-01 Mk II等都是德国MBS公司的产品。MBS UBR-01 Mk II是一款远程基站设备。MBS UBR-02是一款远程基站设备。MBS UBR-LON是一款工业自动化系统的通信接口设备。 MBS多款产品存在安全漏洞,该漏洞源于wwwupload.cgi端点授权不足,可能导致上传和应用任意数据。以下产品受到影响:MBS UBR-01 Mk II、MBS UBR-02和MBS UBR-LON。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2025-41765
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41765
请登录查看更多情报信息。
Advisory · 1
Same Patch Batch · MBS · 2026-03-09 · 15 CVEs total
| CVE-2025-41764 | 9.1 CRITICAL | Unchecked role in wwwupdate.cgi |
| CVE-2025-41758 | 8.8 HIGH | Arbitrary Write with wwwupload.cgi |
| CVE-2025-41766 | 8.8 HIGH | Stack buffer overflow on parsing web request |
| CVE-2025-41757 | 8.8 HIGH | Arbitrary Write with ubr-restore |
| CVE-2025-41756 | 8.1 HIGH | Arbitrary Write with ubr-editfile |
| CVE-2025-41761 | 7.8 HIGH | Privilege escalation possible |
| CVE-2025-41772 | 7.5 HIGH | wwwupdate.cgi Session token in URL |
| CVE-2025-41767 | 7.2 HIGH | Signature bypass on update upload |
| CVE-2025-41763 | 6.5 MEDIUM | Unchecked role in wwwdnload.cgi |
| CVE-2025-41754 | 6.5 MEDIUM | Arbitrary Read with ubr-editfile |
| CVE-2025-41755 | 6.5 MEDIUM | Arbitrary Read with ubr-logread |
| CVE-2025-41762 | 6.2 MEDIUM | Secret leak with wwwdnload.cgi |
| CVE-2025-41760 | 4.9 MEDIUM | Pass filter with Empty Table |
| CVE-2025-41759 | 4.9 MEDIUM | Use of wildcard (“*” or “all”) in Block list |
IV. Related Vulnerabilities
Same weakness: CWE-862
- CVE-2026-45244
Summarize < 0.15.1 Unapproved Browser Automation Execution - CVE-2026-45242
Summarize < 0.15.1 Path Traversal via slidesDir Parameter - CVE-2026-45243
Summarize < 0.15.1 Browser Extension Missing Authorization v - CVE-2026-5163
Missing authorization check in AI message rewrite endpoint a - CVE-2026-3117
Instance and webhook GitLab plugin commands were able to be
V. Comments for CVE-2025-41765
No comments yet