CVE-2025-41764

Summary

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.

Affected Software

VendorProductVersion RangeStatus
MBSUBR-01 Mk II0.0.0 < 6.0.1.0affected
MBSUBR-020.0.0 < 6.0.1.0affected
MBSUBR-LON0.0.0 < 6.0.1.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References