How to fix CVE-2025-41765?

Within 24 hours: Identify all systems running affected software and isolate critical instances from internet-facing networks. Within 7 days: Implement network segmentation to restrict access to wwwupload.cgi endpoints, deploy WAF rules to block unauthorized upload requests, and enable enhanced logging on affected systems. Within 30 days: Monitor vendor advisories for patch availability and establish a testing environment to validate and deploy patches immediately upon release.

Is Universal Bacnet Router Firmware affected by CVE-2025-41765?

CVE-2025-41765 is a critical vulnerability in the wwwupload.cgi endpoint that allows unauthorized attackers to upload and execute arbitrary data without authentication.

CVE-2025-41765

CRITICAL

2026-03-09 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:56 vuln.today

CVE Published

Mar 09, 2026 - 09:16 nvd

CRITICAL 9.1

Description

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.

Analysis

Unauthorized file upload via wwwupload.cgi endpoint. Same product as CVE-2025-41764 — second unauthorized upload vector.

Technical Context

CWE-862 missing authorization on file upload. Complements firmware upload vulnerability.

Affected Products

['Affected device with wwwupload.cgi']

Remediation

Apply vendor patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +46

POC: 0

CVE-2025-41765 vulnerability details – vuln.today

Back

CVE-2025-41765

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-41765

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code