Cyber Resilience

CVE-2025-41767

High

Published: 09 March 2026

Published
09 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41767 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2025-41767 is an update signature bypass vulnerability in the wwwupdate.cgi method of the web interface in UBR. Published on 2026-03-09, it corresponds to CWE-347 (Improper Verification of Cryptographic Signature) and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A high-privileged remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation enables full device compromise, granting high-level impacts on confidentiality, integrity, and availability.

The primary advisory reference is available at https://www.mbs-solutions.de/mbs-2025-0001, which provides further details on the issue.

EU & UK References

Vulnerability details

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct exploitation of the public web interface (wwwupdate.cgi) via signature verification bypass enables remote full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-41764Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41765Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41766Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41772Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41758Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41757Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41756Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-41761Same product: Mbs-Solutions Ubr-01 Mk Ii
CVE-2025-24043Shared CWE-347
CVE-2026-32974Shared CWE-347

Affected Assets

mbs-solutions
universal bacnet router firmware
≤ 6.0.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic signature verification for software/firmware updates, which is the exact mechanism bypassed in wwwupdate.cgi.

prevent

Mandates cryptographic integrity checks on software and firmware, directly countering the CWE-347 signature bypass that enables full device compromise.

prevent

Enforces access restrictions on system changes including updates, limiting the ability of even high-privileged accounts to abuse the vulnerable wwwupdate.cgi path.

References