CVE-2025-41755

Arbitrary Read with ubr-logread

CVSS 6.5 MEDIUM | EPSS 0.5% | CWE-22
In short

A remote attacker with low privileges can read any file on the system through a flaw in the ubr-logread method that doesn't validate which files can be accessed. This allows exposure of sensitive information like configuration files or credentials.

Technical detail

The ubr-logread method of the wwwubr.cgi endpoint accepts an unsanitized log file path parameter (CWE-22: Path Traversal), permitting low-privileged remote attackers (PR:L in the CVSS vector) to retrieve arbitrary files. No input validation prevents the file reference from being changed from the intended log paths to sensitive system files, resulting in unauthorized information disclosure.

Summary generated and translated by AI from the official description.
A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
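The root cause described above is a file path taken straight from the request and opened as-is. The following is an added illustration (not code from the affected product or from this advisory) of that pattern next to a hardened version that only accepts the documented `/tmp/weblog{number}` form; the function names and the sample parameter values are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The only log files the advisory says this method is meant to serve. */
#define LOG_PREFIX   "/tmp/weblog"
#define MAX_LOG_PATH 64

/* Allowlist check: the parameter must be exactly LOG_PREFIX followed by
 * one or more ASCII digits. Because no byte other than a digit may follow
 * the prefix, "/", ".", and encoded-then-decoded traversal sequences can
 * never appear, so the path cannot leave the intended file set.
 * Note: run this on the URL-decoded value, never on the raw query string. */
int log_path_allowed(const char *param)
{
    size_t plen;

    if (param == NULL)
        return 0;
    if (strlen(param) >= MAX_LOG_PATH)         /* reject oversized input */
        return 0;
    plen = strlen(LOG_PREFIX);
    if (strncmp(param, LOG_PREFIX, plen) != 0)  /* wrong directory or name */
        return 0;
    if (param[plen] == '\0')                    /* bare prefix, no index */
        return 0;
    for (const char *p = param + plen; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))        /* any non-digit is rejected */
            return 0;
    return 1;
}

/* Vulnerable pattern (as described in the advisory): the caller-controlled
 * value is passed to fopen() with no validation, so any readable file on the
 * system can be returned. Shown for contrast only. */
FILE *open_log_unsafe(const char *param)
{
    return fopen(param, "r");
}

/* Hardened pattern: validate first, open only an allowlisted path.
 * A stricter design would accept just the numeric index and build the path
 * with snprintf(LOG_PREFIX "%u"), so no path string crosses the trust boundary. */
FILE *open_log_safe(const char *param)
{
    if (!log_path_allowed(param))
        return NULL;
    return fopen(param, "r");
}
```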
