CVE-2025-41756

HIGH

wwwubr.cgi - Arbitrary File Write

Title source: llm

Description

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.

References (1)

[Various Sources] https://www.mbs-solutions.de/mbs-2025-0001

Scores

CVSS v3 8.1

EPSS 0.0010

EPSS Percentile 26.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-1242

Status draft

Timeline

Published Mar 09, 2026

Tracked Since Mar 09, 2026