9.1

Unauthorized Update Upload in mbs-solutions Universal BACnet Router Firmware

CVE-2025-41764
Summary

An unauthorized remote attacker can upload and apply arbitrary software updates to a device running the affected firmware through the wwwupdate.cgi endpoint, potentially disrupting its operation. This is a serious issue because an attacker could gain control of the device. To protect yourself, update to a fixed version as soon as one becomes available.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor: mbs-solutions
Product: universal_bacnet_router_firmware
Affected versions: <= 6.0.1.0
Fix available: –
Original title
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
Original description
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
NVD CVSS 3.1 score: 9.1
Vulnerability type
CWE-862 Missing Authorization
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026