CVE-2025-41765CRITICAL 9.1EPSS p17.6%

CVE-2025-41765CVE-2025-41765

Description

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS0.27% probability of exploitation · percentile 17.6% · 2026-06-19T12:03:05Z
Published2026-03-09
Last modified2026-03-11

Underlying weaknesses· 1

CWE-862

References

  1. https://www.mbs-solutions.de/mbs-2025-0001

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41764
CVE
CVE-2025-41758
CVE
CVE-2025-41651
CVE
CVE-2026-49201
CVE
CVE-2025-3626
CVE
CVE-2025-41734
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.