PT-2026-24027 · Ubr · Ubr
Adrien Rey
+1
·
Published
2026-03-09
·
Updated
2026-03-12
·
CVE-2025-41757
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UBR (affected versions not specified)
Description
A remote attacker with limited privileges can misuse the backup restore functionality of
ubr-restore, which operates with elevated privileges. The software does not validate the contents of the backup archive, allowing an attacker to create or overwrite arbitrary files on the system.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ubr