Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
UBR Can Create or Overwrite Files with Elevated Privileges
CVE-2025-41757
Summary
A low-privileged remote attacker can use the UBR backup restore feature to create or overwrite files on your system with elevated privileges. This could allow them to make changes to your system that you can't undo. To protect your system, update to the latest version of UBR or disable the backup restore feature until a fix is available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | <= 6.0.1.0 | – |
Original title
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to crea...
Original description
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.
nvd CVSS3.1
8.8
Vulnerability type
CWE-22
Path Traversal
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026