Home

Description

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner CERTVDE




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Product status

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Credits

Adrien Rey from Cyber Defense Campus Zurich finder

Daniel Hulliger from Armasuisse finder

References

www.mbs-solutions.de/mbs-2025-0001

cve.org (CVE-2025-41761)

nvd.nist.gov (CVE-2025-41761)

Download JSON