VYPR
Unrated severityNVD Advisory· Published Mar 9, 2026· Updated Mar 9, 2026

Arbitrary Read with ubr-logread

CVE-2025-41755

Description

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/weblog{some_number}), but this parameter is not properly validated, allowing an attacker to modify it to reference any file and retrieve its contents.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MBS/UBR-01 Mk IIv5
    Range: 0.0.0
  • MBS/UBR-02v5
    Range: 0.0.0
  • MBS/UBR-LONv5
    Range: 0.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.