CVE-2025-41763 | THREATINT

Description

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner CERTVDE

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

0.0.0 (semver) before 6.0.1.0

affected

Default status

unaffected

0.0.0 (semver) before 6.0.1.0

affected

Default status

unaffected

0.0.0 (semver) before 6.0.1.0

affected

Credits

Adrien Rey from Cyber Defense Campus Zurich finder

Daniel Hulliger from Armasuisse finder

References

www.mbs-solutions.de/mbs-2025-0001

cve.org (CVE-2025-41763)

nvd.nist.gov (CVE-2025-41763)

Download JSON

help @ threatint.eu