CVE-2025-41763: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in MBS UBR-01 Mk II
A low-privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files.
AI Analysis
Technical Summary
CVE-2025-41763 is a vulnerability classified under CWE-497, Exposure of Sensitive System Information to an Unauthorized Control Sphere. The affected product is the MBS UBR-01 Mk II, a device whose specific function is not detailed here but is likely related to network or telecommunications infrastructure. The vulnerability allows a remote attacker with low privileges to interact directly with the wwwdnload.cgi endpoint. This CGI endpoint is intended for administrative use and permits downloading of sensitive resources, including system backups and certificate request files. These files can contain critical information such as system configurations, cryptographic keys, and credentials which, if compromised, could facilitate further attacks or unauthorized system access. The CVSS v3.1 base score is 6.5, indicating medium severity. The vector string (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates that the attack can be performed remotely over the network with low attack complexity, requires low privileges and no user interaction, and has a high impact on confidentiality but none on integrity or availability. No patches or known exploits are currently reported, but the nature of the vulnerability suggests it could be leveraged for reconnaissance or as preparation for more severe attacks. The vulnerability was published in March 2026; the CVE was reserved in April 2025. The lack of patch links suggests that remediation may not yet be available, emphasizing the need for interim mitigations.
Potential Impact
The primary impact of CVE-2025-41763 is the unauthorized disclosure of sensitive system information. Attackers exploiting this vulnerability can obtain system backups and certificate request files, which may contain sensitive configuration data, cryptographic keys, and credentials. This exposure can lead to significant confidentiality breaches, enabling attackers to conduct further attacks such as impersonation, man-in-the-middle attacks, or unauthorized system access. While the vulnerability does not directly affect system integrity or availability, the information gained can be leveraged to compromise these aspects indirectly. Organizations relying on MBS UBR-01 Mk II devices, especially in critical infrastructure, telecommunications, or enterprise environments, face an increased risk of targeted attacks. The ease of exploitation (low privileges, no user interaction) increases the likelihood that it will be attempted. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant risk if weaponized. Loss of data confidentiality could also lead to regulatory compliance issues and reputational damage.
Mitigation Recommendations
1. Restrict access to the wwwdnload.cgi endpoint by implementing network segmentation and firewall rules to limit access only to trusted administrative hosts.
2. Employ strong authentication and authorization controls to ensure only authorized personnel can access administrative interfaces.
3. Monitor and log all access attempts to the wwwdnload.cgi endpoint, and set up alerts for unusual or unauthorized download activities.
4. If possible, disable or remove the wwwdnload.cgi endpoint if it is not essential for operations.
5. Regularly audit device configurations and backup files to detect any unauthorized access or changes.
6. Engage with the vendor (MBS) to obtain patches or firmware updates addressing this vulnerability as soon as they become available.
7. Consider deploying intrusion detection/prevention systems (IDS/IPS) to detect exploitation attempts targeting this CGI endpoint.
8. Educate network and security teams about this vulnerability to ensure rapid response to any suspicious activity.
9. Implement encryption and secure storage for backups and certificate files to minimize the impact if accessed.
10. Conduct penetration testing and vulnerability assessments focused on administrative interfaces to identify similar weaknesses.
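As an added illustration of recommendations 1 and 3 (not code from MBS or the device), the following script scans web access logs for successful wwwdnload.cgi downloads originating outside a trusted administrative network. The combined log format, the admin network 10.0.50.0/24, and the log lines themselves are constructed assumptions.

```python
import ipaddress
import re

# Assumed trusted administrative network; adjust to the real management segment.
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]
ENDPOINT = "/wwwdnload.cgi"

# Apache/nginx "combined"-style access log line (format is an assumption).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample log: one legitimate admin download, two untrusted successful
# downloads, one unrelated request, and one untrusted attempt that was denied.
SAMPLE_LOG = """\
10.0.50.12 - admin [09/Mar/2026:08:40:01 +0000] "GET /wwwdnload.cgi?file=backup.tgz HTTP/1.1" 200 524288
192.0.2.77 - guest [09/Mar/2026:08:41:17 +0000] "GET /wwwdnload.cgi?file=backup.tgz HTTP/1.1" 200 524288
192.0.2.77 - guest [09/Mar/2026:08:41:20 +0000] "GET /wwwdnload.cgi?file=cert.csr HTTP/1.1" 200 1290
198.51.100.5 - - [09/Mar/2026:08:42:00 +0000] "GET /index.cgi HTTP/1.1" 200 3301
192.0.2.77 - guest [09/Mar/2026:08:43:05 +0000] "GET /wwwdnload.cgi?file=backup.tgz HTTP/1.1" 403 0
"""


def is_trusted(src: str) -> bool:
    """True when the source address falls inside an allowed admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never treated as trusted
    return any(addr in net for net in ADMIN_NETS)


def find_suspicious_downloads(log_text: str) -> list[dict]:
    """One finding per successful (HTTP 200) wwwdnload.cgi request from an untrusted source."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production pipeline should count these
        path = m["path"].split("?", 1)[0]
        if path != ENDPOINT or m["status"] != "200" or is_trusted(m["src"]):
            continue
        findings.append({"src": m["src"], "user": m["user"], "ts": m["ts"],
                         "query": m["path"].partition("?")[2]})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_downloads(SAMPLE_LOG):
        print(f"ALERT untrusted {ENDPOINT} download: {f}")
```

Denied (403) requests are deliberately excluded from the findings so the alert reflects actual disclosure; raise a separate, lower-severity signal on them if repeated attempts from one source are of interest.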
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Australia, Canada, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-04-16T11:18:45.760Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69ae86d72904315ca3e5dbf4
Added to database: 3/9/2026, 8:37:43 AM
Last enriched: 3/16/2026, 9:42:18 AM
Last updated: 4/28/2026, 1:39:14 AM