Description

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.

PUBLISHED Reserved 2025-04-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner CERTVDE




CRITICAL: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Default status
unaffected

0.0.0 (semver) before 6.0.1.0
affected

Credits

Adrien Rey from Cyber Defense Campus Zurich (finder)

Daniel Hulliger from Armasuisse (finder)

References

www.mbs-solutions.de/mbs-2025-0001

cve.org (CVE-2025-41764)

nvd.nist.gov (CVE-2025-41764)