LeakyCreds

CVE-2025-41757 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 9, 2026

UBR - Unrestricted File Upload

Published: March 9, 2026 | Updated: March 9, 2026 | Remote Exploitable

Overview

UBR contains an unrestricted file write caused by improper validation of backup archive contents in the backup restore functionality. It lets low-privileged remote attackers create or overwrite arbitrary files. Exploitation requires remote access.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 22.1% (Probability of exploitation in next 30 days)

Impact

Low-privileged remote attackers can create or overwrite arbitrary files, potentially leading to system compromise or privilege escalation.

Mitigation

Update to the latest version with proper validation of backup archive contents.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 9, 2026

🟠 CVE-2025-41757 - High (8.8) A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the sy... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41757/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-41757
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 22.1%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

22.1% (Probability of exploitation in the next 30 days)