CVE-2025-9094

Summary

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

Affected Software

VendorProductVersion RangeStatus
n/aThingsBoard4.1affected

Weaknesses

  • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
  • CWE-791: Incomplete Filtering of Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References