What is CVE-2025-41765?

CVE-2025-41765 is a critical-severity vulnerability in Mbs Ubr-01 Mk Ii, classified under Missing Authorization. CVSS score: 9.1/10. Published 2026-03-09.

How severe is CVE-2025-41765?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Auth bypass in Mbs Ubr-01 Mk Ii

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system back…

Vulnerability class: Broken Access Control

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Mbs Ubr-01 Mk Ii — versions 0.0.0
Mbs Ubr-02 — versions 0.0.0
Mbs Ubr-lon — versions 0.0.0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

www.mbs-solutions.de/mbs-2025-0001

Frequently asked questions

What is CVE-2025-41765?: CVE-2025-41765 is a critical-severity vulnerability in Mbs Ubr-01 Mk Ii, classified under Missing Authorization. CVSS score: 9.1/10. Published 2026-03-09.
How severe is CVE-2025-41765?: Critical severity. CVSS v3 base score is 9.1 out of 10.