CVE-2025-41756
Published: 09 March 2026
Summary
CVE-2025-41756 is a high-severity Inclusion of Undocumented Features or Chicken Bits (CWE-1242) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked at the 24.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-41756 is a vulnerability in the wwwubr.cgi component, specifically the undocumented and unused ubr-editfile API endpoint, that allows a low-privileged remote attacker to write arbitrary files on the affected system. Published on 2026-03-09, it has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-1242.
A low-privileged remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables arbitrary file writes on the system, granting high-impact modifications to integrity and availability, which could facilitate privilege escalation, persistence, or further system compromise depending on the targeted files and locations.
The primary advisory reference is available at https://www.mbs-solutions.de/mbs-2025-0001, which details mitigation strategies for this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208358
Vulnerability details
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file write via web CGI endpoint directly enables deployment of web shells (T1505.003) for persistence and code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Prohibits or restricts unused and undocumented API endpoints like ubr-editfile in wwwubr.cgi, preventing low-privileged remote attackers from exploiting them for arbitrary file writes.
Validates inputs to the ubr-editfile method to block arbitrary file paths and contents, directly mitigating the file write vulnerability.
Remediates the specific flaw in wwwubr.cgi's ubr-editfile endpoint through identification, patching, and verification, eliminating the arbitrary file write capability.