CVE-2025-41772

Published Mar 9, 2026

Last updated 7 hours ago

CVSS high 7.5

Overview

Description
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
Source
info@cert.vde.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

info@cert.vde.com
CWE-598

Social media

Hype score
Not currently trending

  1. CVE-2025-41772 Unauthenticated Session Token Exposure in UBR via wwwupdate.cgi Endpoint https://t.co/L0y485v2hC

    @VulmonFeeds

    9 Mar 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.