CVE-2025-41757: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MBS UBR-01 Mk II
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system.
AI Analysis
Technical Summary
CVE-2025-41757 is a path traversal vulnerability classified under CWE-22 affecting the MBS UBR-01 Mk II device. The vulnerability arises from improper validation of backup archive contents in the backup restore functionality (ubr-restore), which operates with elevated privileges. An attacker with low privileges can remotely exploit this flaw by crafting a malicious backup archive that includes path traversal sequences (e.g., ../) to escape the intended directory restrictions. Because the restore process does not sanitize or limit the paths within the archive, the attacker can create or overwrite arbitrary files anywhere on the system, including critical system files or configuration files. This can lead to privilege escalation, arbitrary code execution, or denial of service by corrupting essential files. The vulnerability does not require user interaction and has a low attack complexity, making it highly exploitable. The affected version is listed as 0.0.0, which likely indicates an initial or default version identifier, suggesting all current versions may be vulnerable until patched. No patches or exploit code are currently publicly available, but the high CVSS score (8.8) reflects the significant risk posed by this vulnerability. The vulnerability was reserved in April 2025 and published in March 2026, indicating a recent discovery and disclosure timeline.
Potential Impact
The impact of CVE-2025-41757 is substantial for organizations using the MBS UBR-01 Mk II backup devices. Successful exploitation allows attackers to overwrite or create arbitrary files with elevated privileges, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, disruption of backup and restore operations, and the ability to implant persistent malware or backdoors. Critical infrastructure relying on these devices for data protection could face operational outages or data integrity issues. The vulnerability affects confidentiality by exposing or modifying sensitive files, integrity by allowing unauthorized file changes, and availability by potentially disabling backup functionality or causing system instability. Given the remote exploitability and low complexity, attackers can leverage this vulnerability for lateral movement within networks or to escalate privileges, increasing the overall risk to enterprise environments globally.
Mitigation Recommendations
To mitigate CVE-2025-41757, organizations should immediately apply any available patches or firmware updates from MBS once released. In the absence of patches, restrict network access to the backup restore functionality to trusted administrators only, using network segmentation and firewall rules. Implement strict access controls and monitoring on systems running UBR-01 Mk II devices to detect unusual file modifications or restore operations. Validate and audit backup archives before restoration to ensure they do not contain malicious path traversal payloads. Employ intrusion detection systems (IDS) and endpoint detection and response (EDR) tools to identify exploitation attempts. Additionally, consider disabling remote restore functionality if not essential or replacing vulnerable devices with alternatives that have proper input validation. Regularly review and update backup and restore procedures to incorporate security best practices and reduce attack surface.
Affected Countries
United States, Germany, Japan, South Korea, United Kingdom, France, Canada, Australia, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-04-16T11:18:45.760Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69ae86d72904315ca3e5dbe2
Added to database: 3/9/2026, 8:37:43 AM
Last enriched: 3/16/2026, 9:40:55 AM
Last updated: 4/28/2026, 9:25:37 AM