CVE-2025-41757

Arbitrary Write with ubr-restore

CVSS 8.8 HIGHEPSS 0.5%CWE-22

In short

A backup restore tool runs with high privileges but doesn't check what files are inside backup archives, letting attackers create or overwrite any file on the system by crafting malicious backups.

Technical detail

The ubr-restore utility executes with elevated privileges and lacks input validation on backup archive contents, enabling arbitrary file write/overwrite attacks via CWE-22 (Path Traversal). A remote low-privileged attacker can exploit this by submitting a crafted backup file, bypassing access controls to modify critical system files.

Summary generated and translated by AI from the official description.

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

MBS · UBR-01 Mk II MBS · UBR-02 MBS · UBR-LON

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.mbs-solutions.de/mbs-2025-0001