CVE-2025-41765

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41765

Description Insufficient authorization enforcement allows a remote attacker to upload and apply arbitrary data through the wwwupload.cgi endpoint. This includes contact images, HTTPS certificates, system backups, server peer configurations, and BACnet/SC server certificates and keys. The wwwupload.cgi API endpoint is vulnerable to unauthorized data uploads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.