How to fix CVE-2025-41758?

Within 24 hours: Identify and inventory all systems running vulnerable wwupload.cgi endpoints; isolate critical affected assets from production networks if possible. Within 7 days: Implement WAF rules to block suspicious requests to wwupload.cgi and enforce strict input validation; disable the wwupload.cgi endpoint if operationally feasible. Within 30 days: Monitor vendor advisories for patch availability; conduct forensic analysis of affected systems for signs of exploitation; develop transition plan to patched versions once available.

Is Universal Bacnet Router Firmware affected by CVE-2025-41758?

CVE-2025-41758 is a critical vulnerability affecting the wwupload.cgi endpoint that allows remote attackers to write arbitrary files and completely compromise affected systems. Organizations using vulnerable devices face immediate risk of unauthorized access, data theft, and operational disruption.

CVE-2025-41758

HIGH

2026-03-09 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:56 vuln.today

CVE Published

Mar 09, 2026 - 09:15 nvd

HIGH 8.8

Description

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.

Analysis

Technical Context

Classified as CWE-22 (Path Traversal). Affects the wwupload.cgi component of Universal Bacnet Router Firmware. A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.

Affected Products

Vendor: Mbs-Solutions. Product: Universal Bacnet Router Firmware. Component: wwupload.cgi.

Remediation

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: 0

CVE-2025-41758 vulnerability details – vuln.today

Back

CVE-2025-41758

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-41758

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code