Remote Code Execution Vulnerability in MBS Software by MBS Solutions
CVE-2025-41756

8.1HIGH

Key Information:

Vendor: Mbs
Status: Ubr-01 Mk Ii; Ubr-02; Ubr-lon
Vendor: CVE Published:; 9 March 2026

What is CVE-2025-41756?

A low-privileged remote attacker can exploit the 'ubr-editfile' method in the 'wwwubr.cgi' API endpoint, which is undocumented and unused. This exploitation allows attackers to write arbitrary files to the system, potentially compromising the integrity and security of the affected product. Organizations using MBS Software should review their configurations and security measures to mitigate the risk and ensure system integrity.

Affected Version(s)

UBR-01 Mk II 0.0.0 < 6.0.1.0

UBR-02 0.0.0 < 6.0.1.0

UBR-LON 0.0.0 < 6.0.1.0

References

https://www.mbs-solutions.de/mbs-2025-0001

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Adrien Rey from Cyber Defense Campus Zurich

Daniel Hulliger from Armasuisse

CVE-2025-41756 Data

JSON

Mbs

What is CVE-2025-41756?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit