CVE-2025-41767
Published: 09 March 2026
Summary
CVE-2025-41767 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2025-41767 is an update signature bypass vulnerability in the wwwupdate.cgi method of the web interface in UBR. Published on 2026-03-09, it corresponds to CWE-347 (Improper Verification of Cryptographic Signature) and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A high-privileged remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation enables full device compromise, granting high-level impacts on confidentiality, integrity, and availability.
The primary advisory reference is available at https://www.mbs-solutions.de/mbs-2025-0001, which provides further details on the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208380
Vulnerability details
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct exploitation of the public web interface (wwwupdate.cgi) via signature verification bypass enables remote full device compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic signature verification for software/firmware updates, which is the exact mechanism bypassed in wwwupdate.cgi.
Mandates cryptographic integrity checks on software and firmware, directly countering the CWE-347 signature bypass that enables full device compromise.
Enforces access restrictions on system changes including updates, limiting the ability of even high-privileged accounts to abuse the vulnerable wwwupdate.cgi path.