← Retour aux CVEs
CVE-2025-41761
HIGH7.8
Description
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/9/2026
Derniere modification3/11/2026
Sourcenvd
Observations honeypot0
Produits affectes
mbs-solutions:ubr-01_mk_iimbs-solutions:ubr-02mbs-solutions:ubr-lonmbs-solutions:universal_bacnet_router_firmware
Faiblesses (CWE)
CWE-88
References
https://www.mbs-solutions.de/mbs-2025-0001(info@cert.vde.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.