Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Ubuntu Backup Server Service Account Privilege Escalation Risk
CVE-2025-41761
Summary
A malicious user who gains access to the Ubuntu Backup Server service account can use it to take control of the entire system. This is because the service account has been given too much permission to run certain commands. To protect against this, ensure that the service account only has necessary permissions and use secure access controls like SSH keys.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | <= 6.0.1.0 | – |
Original title
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted ...
Original description
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo.
nvd CVSS3.1
7.8
Vulnerability type
CWE-88
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026