Home / Vulnerability Intelligence / CVE-2025-41765

CVE-2025-41765 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 9, 2026

Unknown Product - Unrestricted File Upload

Published: March 9, 2026Updated: March 9, 2026Remote Exploitable

Overview

Affected product contains an unrestricted file upload vulnerability caused by insufficient authorization enforcement in the wwwupload.cgi endpoint, letting unauthorized remote attackers upload and apply arbitrary data, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 5.8%(Probability of exploitation in next 30 days)

Impact

Unauthorized remote attackers can upload arbitrary files, potentially leading to system compromise or data manipulation.

Mitigation

Update to the latest version or apply vendor-provided patches to enforce proper authorization.

References

https://www.mbs-solutions.de/mbs-2025-0001

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 9, 2026

🔴 CVE-2025-41765 - Critical (9.1) Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41765/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-41765
Severity: Critical
CVSS Score: 9.1
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 5.8%
Social Posts: 1

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score

5.8%Probability of exploitation in the next 30 days