EUVD-2025-208382

🗓️ 09 Mar 2026 09:30:30Reported by EUVDType

Unauthenticated attacker can obtain valid session tokens exposed in plaintext URL parameters at the web update endpoint in UBR.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-41772	9 Mar 202608:18	–	attackerkb
CNNVD	MBS多款产品安全漏洞	9 Mar 202600:00	–	cnnvd
CVE	CVE-2025-41772	9 Mar 202608:18	–	cve
Cvelist	CVE-2025-41772 wwwupdate.cgi Session token in URL	9 Mar 202608:18	–	cvelist
EUVD	EUVD-2025-208383	9 Mar 202609:30	–	euvd
NVD	CVE-2025-41772	9 Mar 202609:16	–	nvd
Positive Technologies	PT-2026-24038	9 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-41772	10 Mar 202614:08	–	redhatcve
Vulnrichment	CVE-2025-41772 wwwupdate.cgi Session token in URL	9 Mar 202608:18	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "e7f7b681-8b8b-36df-aa20-e5a2bfb35b41",
        "vendor": {
          "name": "MBS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "47da81fb-1c01-3e80-bab7-8bd753d476a8",
        "product": {
          "name": "UBR-LON"
        },
        "product_version": "0.0.0 <6.0.1.0"
      },
      {
        "id": "69e65780-e288-31ed-83f4-84ef58594ea7",
        "product": {
          "name": "UBR-02"
        },
        "product_version": "0.0.0 <6.0.1.0"
      },
      {
        "id": "bae564ee-5c53-3e4e-9d50-13539a6fc265",
        "product": {
          "name": "UBR-01 Mk II"
        },
        "product_version": "0.0.0 <6.0.1.0"
      }
    ]
  }
]

Source	Link
mbs-solutions	www.mbs-solutions.de/mbs-2025-0001
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-41772

09 Mar 2026 09:30Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.00057

SSVC