Cyber Resilience

CVE-2025-41756

High

Published: 09 March 2026
Modified: 11 March 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0033 (24.3rd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-41756 is a high-severity Inclusion of Undocumented Features or Chicken Bits (CWE-1242) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks at the 24.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-41756 is a vulnerability in the wwwubr.cgi component, specifically the undocumented and unused ubr-editfile API endpoint, that allows a low-privileged remote attacker to write arbitrary files on the affected system. Published on 2026-03-09, it has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and is associated with CWE-1242.

A low-privileged remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation allows arbitrary file writes on the system, with high impact on integrity and availability, which could facilitate privilege escalation, persistence, or further system compromise depending on the targeted files and locations.

The primary advisory reference is available at https://www.mbs-solutions.de/mbs-2025-0001, which details mitigation strategies for this issue.

Vulnerability details

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to write arbitrary files on the system.

CWE(s)

CWE-1242: Inclusion of Undocumented Features or Chicken Bits

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Arbitrary file write via web CGI endpoint directly enables deployment of web shells (T1505.003) for persistence and code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-41758 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41772 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41761 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41766 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41767 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41765 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41757 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41764 · Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2026-35078 · Same vendor: Mbs-Solutions
CVE-2026-35077 · Same vendor: Mbs-Solutions

Affected Assets

Vendor: mbs-solutions
Product: universal bacnet router firmware
Affected versions: ≤ 6.0.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Prohibits or restricts unused and undocumented API endpoints like ubr-editfile in wwwubr.cgi, preventing low-privileged remote attackers from exploiting them for arbitrary file writes.

prevent

Validates inputs to the ubr-editfile method to block arbitrary file paths and contents, directly mitigating the file write vulnerability.

prevent

Remediates the specific flaw in wwwubr.cgi's ubr-editfile endpoint through identification, patching, and verification, eliminating the arbitrary file write capability.
