CVE-2025-41760

Description

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner CERTVDE

Problem types

CWE-636 Not Failing Securely ('Failing Open')

Product status

Credits

Adrien Rey from Cyber Defense Campus Zurich finder

Daniel Hulliger from Armasuisse finder

References

www.mbs-solutions.de/mbs-2025-0001

cve.org (CVE-2025-41760)

nvd.nist.gov (CVE-2025-41760)

Download JSON