How serious is CVE-2025-41755?

This vulnerability has a CVSS score of 6.5 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-41755?

CVE-2025-41755 affects mbs-solutions universal bacnet router firmware. Check the full CVE details for specific version information.

How do I fix CVE-2025-41755?

To remediate CVE-2025-41755, check for security patches from mbs-solutions. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-41755

Medium

|6.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

An attacker can remotely read any file on the system by exploiting a flaw in the universal BACnet router firmware, as the software does not properly check the file names provided by the attacker. This requires the attacker to have low-level access, but they can manipulate a specific method to access sensitive information stored in files.

Technical Description

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactNone

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$931($500-$1K)

Vendor Response

Grade APatched in 2 days

Quick Information

Published

Mar 9, 2026

29 days ago

Last Modified

Mar 11, 2026

27 days ago

Vendor

mbs-solutions

Product

universal bacnet router firmware

Related Vulnerabilities

CVE-2025-41772High

An attacker can steal valid session tokens from the universal BACnet router firmware because these tokens are visible in the web address used to access the device's update page. This can be done remotely and without needing to log in, making it easy for anyone to exploit if they know the URL.

CVE-2025-41767High

An attacker can take complete control of the universal BACnet router by exploiting a flaw in its web interface that allows them to bypass security checks when updating the device. This can be done remotely, meaning the attacker doesn't need physical access to the device, making it a serious risk.

CVE-2025-41766High

This vulnerability allows a low-privileged remote attacker to take complete control of a device by sending a specially crafted HTTP POST request. The attacker only needs network access to the device to exploit this weakness, making it a serious risk for systems using this firmware.

CVE-2025-41765Critical

An attacker can exploit a flaw in the universal BACnet router firmware to upload and apply any type of data, such as malicious files or sensitive configuration settings, without proper authorization. This can happen remotely through a specific web endpoint, meaning the attacker doesn’t need physical access to the device.

CVE-2025-41764Critical

An attacker can remotely upload and install malicious updates on the universal BACnet router firmware because the system does not properly check if they are authorized to do so. This means that anyone with access to the specific update endpoint can take control of the device without needing any special permissions.