CVE-2025-41772
Published: 09 March 2026
Summary
CVE-2025-41772 is a high-severity Use of HTTP Request With Sensitive Query String (CWE-598) vulnerability in Mbs-Solutions Universal Bacnet Router Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-41772 affects the UBR software, specifically the wwwupdate.cgi endpoint, where valid session tokens are exposed in plaintext within URL parameters. This vulnerability, published on 2026-03-09, stems from CWE-598 (use of GET request method with sensitive query strings) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity and no privileges required.
An unauthenticated remote attacker can exploit this vulnerability over the network by accessing or intercepting URLs that include the wwwupdate.cgi endpoint, allowing them to obtain valid session tokens directly from the plaintext parameters.
Mitigation details are available in the advisory published by MBS Solutions at https://www.mbs-solutions.de/mbs-2025-0001.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208382
Vulnerability details
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing wwwupdate.cgi endpoint exposes session tokens in plaintext URLs (CWE-598), directly enabling remote exploitation of the web app (T1190) and access to unsecured credentials/tokens (T1552) for session hijacking.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires identification, reporting, and correction of the specific software flaw exposing valid session tokens in plaintext URL parameters of the wwwupdate.cgi endpoint.
Mandates protecting authenticator content, such as session tokens, from unauthorized disclosure, directly addressing their exposure in plaintext URL parameters.
Implements cryptographic mechanisms to protect confidentiality of transmitted session tokens, mitigating interception even when included in URL parameters.