PT-2026-24031 · Tcpdump+2 · Tcpdump+2
Adrien Rey
+1
·
Published
2026-03-09
·
Updated
2026-03-12
·
CVE-2025-41761
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UBR (affected versions not specified)
Description
A local attacker with limited privileges who gains access to the UBR service account, for example through SSH, can escalate their privileges to achieve full system access. This is possible because the service account is allowed to execute specific binaries, such as
tcpdump and ip, using sudo.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ubr
Ip
Tcpdump