CVE-2025-41765
Published: 09 March 2026
Summary
CVE-2025-41765 is a critical-severity Missing Authorization (CWE-862) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires enforcement of approved authorizations, addressing the core insufficient authorization enforcement in the wwwupload.cgi endpoint that permits unauthorized uploads of arbitrary data.
Mandates restricted access to change mechanisms, preventing unauthorized uploads and application of configurations, certificates, keys, and backups via the vulnerable endpoint.
Validates the content of uploaded information inputs to block application of arbitrary malicious data even if authorization partially fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of unauthenticated file upload in public-facing wwwupload.cgi endpoint (CWE-862) enabling arbitrary data application and system manipulation.
NVD Description
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC…
more
server certificates and keys.
Deeper analysisAI
CVE-2025-41765 is a critical vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) caused by insufficient authorization enforcement (CWE-862) in the wwwupload.cgi endpoint. This flaw enables an unauthorized remote attacker to upload and apply arbitrary data, including but not limited to contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
An unauthorized remote attacker with network access can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation allows the attacker to manipulate critical system components, such as overwriting certificates and keys or restoring malicious backups, resulting in high integrity and availability impacts while confidentiality remains unaffected.
Mitigation details are available in the vendor advisory at https://www.mbs-solutions.de/mbs-2025-0001.
Details
- CWE(s)