CVE-2025-41757
Published: 09 March 2026
Summary
CVE-2025-41757 is a high-severity Path Traversal (CWE-22) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 27.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires validation of backup archive contents to block path traversal payloads that enable arbitrary file creation or overwrite by the elevated ubr-restore process.
Directly mandates timely remediation of the path traversal flaw in ubr-restore, preventing exploitation through patching or updates.
Limits damage from successful exploitation by enforcing least privilege on the elevated ubr-restore process, restricting arbitrary writes to essential resources only.
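The archive-content validation described above can be sketched as follows. This is an added example, not code from the vendor or from ubr-restore; it assumes the backup is a tar archive (the page does not state the format), and the `/restore` root, the function names and the sample member names are all hypothetical.

```python
import io
import posixpath
import tarfile

def _inside(root, path):
    return path == root or path.startswith(root + "/")

def _check(member, root):
    """Return a rejection reason for one archive member, or None if acceptable."""
    if member.name.startswith("/"):
        return "absolute path"
    dest = posixpath.normpath(posixpath.join(root, member.name))
    if not _inside(root, dest):
        return "escapes restore root"
    if member.issym() or member.islnk():
        # Symlink targets resolve from the link's directory, hardlinks from the root.
        base = posixpath.dirname(dest) if member.issym() else root
        target = posixpath.normpath(posixpath.join(base, member.linkname))
        if not _inside(root, target):
            return "link target escapes restore root"
    elif not (member.isfile() or member.isdir()):
        return "special file type"
    return None

def unsafe_members(archive_bytes, restore_root="/restore"):
    """List (name, reason) for every member that must not be restored."""
    root = posixpath.normpath(restore_root)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        checked = ((m.name, _check(m, root)) for m in tar.getmembers())
        return [(name, reason) for name, reason in checked if reason]

def build_sample():
    """Constructed sample backup: one benign member, three that must be rejected."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("config/router.conf", "../../outside.txt", "/abs/outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"constructed\n")
            tar.addfile(info, io.BytesIO(b"constructed\n"))
        link = tarfile.TarInfo("config/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside.txt"
        tar.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"REJECT {name}: {reason}")
```

A restore routine using this check would refuse the whole archive when the returned list is non-empty, rather than skipping individual members.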
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a network-accessible, privileged restore process directly enables remote exploitation of a public-facing application (T1190) and arbitrary file writes for privilege escalation (T1068).
NVD Description
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.
Deeper analysis
CVE-2025-41757, published on 2026-03-09, is a path traversal vulnerability (CWE-22) in the backup restore functionality of UBR's ubr-restore component. This tool executes with elevated privileges but does not properly validate the contents of backup archives, allowing malicious manipulation during restoration. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility and significant impacts.
A low-privileged remote attacker can exploit this issue by supplying a crafted backup archive to the ubr-restore functionality. Exploitation requires low complexity and no user interaction, enabling the attacker to create or overwrite arbitrary files anywhere on the system. This could result in privilege escalation, data tampering, or full system compromise, depending on the targeted files and the elevated context of the restore process.
Mitigation details are available in the vendor advisory at https://www.mbs-solutions.de/mbs-2025-0001.
Details
- CWE(s)