CVE-2025-41755

Name of the Vulnerable Software and Affected Versions wwwubr versions (affected versions not specified)

Description A remote attacker with limited privileges can exploit the ubr-logread method in the ''wwwubr.cgi'' endpoint to read arbitrary files on the system. The endpoint accepts a parameter that specifies the log file to open, such as /tmp/weblog{some number}, but this parameter lacks proper validation. This allows an attacker to modify the parameter to reference any file and retrieve its contents. The vulnerable parameter is some number.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.