Cyber Posture

CVE-2025-41758

High

Published: 09 March 2026

Published
09 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 22.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41758 is a high-severity Path Traversal (CWE-22) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents path traversal exploitation in wwupload.cgi by validating file path inputs to block arbitrary file writes.

SI-2 Flaw Remediation good match
prevent

Remediates the arbitrary file write vulnerability by identifying, testing, and applying patches as provided in the MBS Solutions advisory.

SI-7 Software, Firmware, and Information Integrity good match
detect

Detects unauthorized overwrites of critical files resulting from successful path traversal exploitation through integrity checks.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
attack.mitre.org →
Why these techniques?

Path traversal in public-facing wwupload.cgi enables direct exploitation of a web application (T1190) and arbitrary file write to deploy a web shell (T1505.003) for full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.

Deeper analysisAI

CVE-2025-41758 is an arbitrary file write vulnerability stemming from path traversal (CWE-22) in the wwupload.cgi endpoint. This flaw enables attackers to overwrite arbitrary files on the affected device, potentially leading to full system compromise. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-09T09:15:59.720.

A low-privileged remote attacker can exploit the wwupload.cgi endpoint over the network with low complexity and no user interaction required. Successful exploitation allows overwriting critical files, granting high-impact confidentiality, integrity, and availability consequences, up to full control of the device.

The primary advisory from MBS Solutions (https://www.mbs-solutions.de/mbs-2025-0001) provides further details on mitigation and patches for this vulnerability.

Details

CWE(s)
CWE-22

Affected Products

mbs-solutions
universal bacnet router firmware
≤ 6.0.1.0

CVEs Like This One

CVE-2025-41757Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41765Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41767Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41766Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41756Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41764Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41772Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41761Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2026-25732Shared CWE-22
CVE-2026-34414Shared CWE-22

References