CVE-2025-41761
HIGH
mbs-solutions universal_bacnet_router_firmware < 6.0.1.0 - Privilege Escalation via Sudo Permissions
Title source: llm
Description
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.
References (1)
Core References
Various Sources
https://www.mbs-solutions.de/mbs-2025-0001
Scores
CVSS v3: 7.8
EPSS: 0.0016
EPSS Percentile: 5.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-88
Status: published
Products (1): mbs-solutions/universal_bacnet_router_firmware < 6.0.1.0
Published: Mar 09, 2026
Tracked Since: Mar 09, 2026