Apache Download Script Allows Unauthorized File Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Apache Download Script Allows Unauthorized File Access

CVE-2025-41763

Summary

A bug in the Apache web server's download script lets an attacker access sensitive files like backups and certificates without permission. This could allow unauthorized access to confidential information. To fix this, update the Apache software to the latest version.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mbs-solutions	universal_bacnet_router_firmware	<= 6.0.1.0	–

Original title

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.

Original description

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.

nvd CVSS3.1 6.5

Vulnerability type

CWE-497

https://www.mbs-solutions.de/mbs-2025-0001

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026