CVE-2025-41772

High

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the…

CERTVDE·CWE-598·Published 2026-03-09

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

168 chars

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.

NVDen

168 chars

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.

NVDes

180 chars

Un atacante remoto no autenticado puede obtener tokens de sesión válidos porque están expuestos en texto plano dentro de los parámetros de la URL del endpoint wwwupdate.cgi en UBR.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N