CVE-2025-41760

Summary

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered.

Affected Software

VendorProductVersion RangeStatus
MBSUBR-01 Mk II0.0.0 < 6.0.1.0affected
MBSUBR-020.0.0 < 6.0.1.0affected
MBSUBR-LON0.0.0 < 6.0.1.0affected

Weaknesses

  • CWE-636: CWE-636 Not Failing Securely ('Failing Open')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References