
CVE-2025-9094: Improper Neutralization of Special Elements Used in a Template Engine in ThingsBoard

Severity: Medium
Published: Sun Aug 17 2025 (08/17/2025, 22:32:05 UTC)
Source: CVE Database V5
Product: ThingsBoard

Description

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

AI-Powered Analysis

Last updated: 08/17/2025, 23:02:52 UTC

Technical Analysis

CVE-2025-9094 is a medium-severity vulnerability identified in ThingsBoard version 4.1, specifically within the Add Gateway Handler component. The root cause is improper neutralization of special elements used in a template engine, which can allow injection into the template processing context and, depending on the engine, unintended evaluation of attacker-supplied content. The vulnerability can be exploited remotely, requires no user interaction, and needs only low (not elevated) privileges, making it a notable risk for exposed ThingsBoard instances. It allows an attacker to manipulate template elements, potentially leading to partial integrity loss or unauthorized data manipulation within the ThingsBoard platform. The vendor has acknowledged the issue and plans to release a fix in version 4.2, with backported patches for Long-Term Support (LTS) versions starting from 4.0. Although no known exploits are currently observed in the wild, the public disclosure increases the risk of exploitation attempts. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and limited impact on integrity (VI:L), with no impact on confidentiality or availability and no scope change. This suggests the vulnerability permits some degree of unauthorized manipulation but is not trivially exploitable for full system compromise or denial of service. It is particularly relevant to organizations using ThingsBoard for IoT device management and telemetry, where templates are used to process device data or commands, since a remote attacker with low privileges could inject crafted template content into that processing.

Potential Impact

For European organizations deploying ThingsBoard 4.1, this vulnerability poses a risk to the integrity and reliability of IoT device management and monitoring systems. Exploitation could lead to unauthorized manipulation of device data or commands, potentially disrupting operational processes or causing incorrect telemetry to be processed. This can affect sectors that rely heavily on IoT infrastructure, such as manufacturing, smart cities, energy management, and healthcare. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact could lead to operational errors or safety risks if malicious templates alter device behavior. Given the remote exploitability and the absence of any user-interaction requirement, attackers could target exposed ThingsBoard instances over the internet or internal networks. The medium severity rating indicates the threat is notable but not critical; however, the public disclosure increases the urgency of patching. Organizations with critical IoT deployments should prioritize mitigation to maintain system trustworthiness and avoid cascading effects on dependent systems.

Mitigation Recommendations

European organizations should immediately inventory their ThingsBoard deployments to identify any instance running version 4.1 or an earlier LTS version susceptible to this vulnerability. Until the vendor releases the patch in version 4.2 and the backported LTS fixes, organizations should implement strict network segmentation and firewall rules to restrict access to ThingsBoard management interfaces, limiting exposure to trusted internal networks only. A Web Application Firewall (WAF) with custom rules to detect and block suspicious template-injection patterns in requests to the gateway-related endpoints can provide temporary protection. Monitoring logs for unusual template processing errors or unexpected device command patterns is advised to detect potential exploitation attempts. Organizations should plan and test the upgrade to ThingsBoard 4.2 or later as soon as the patch is available, ensuring compatibility with existing IoT infrastructure. Additionally, applying the principle of least privilege to ThingsBoard user and service accounts, and restricting who may create gateways or edit templates, reduces the pool of low-privileged accounts that could exploit the issue. Regular security assessments and penetration testing focused on IoT management platforms will help identify residual risk.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-17T12:43:44.682Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68a25c0cad5a09ad009cb636

Added to database: 8/17/2025, 10:47:40 PM

Last enriched: 8/17/2025, 11:02:52 PM

Last updated: 8/18/2025, 4:49:14 AM
