Platform: other
Component: ubr-ubr-restore
Fixed in: 6.0.1.0
CVE-2025-41757 describes a critical vulnerability in UBR (ubr-restore), a backup and restore utility. This flaw allows a low-privileged remote attacker to leverage the backup restore functionality, which operates with elevated privileges, to create or overwrite arbitrary files on the system. Affected versions include those from 0.0.0 through 6.0.1.0; a fix is available in version 6.0.1.0.
The impact of this vulnerability is severe. An attacker can exploit it to gain arbitrary file write access, effectively bypassing file system permissions. This could lead to the creation of malicious executables, modification of critical system files, or the insertion of backdoors. Successful exploitation could result in complete system compromise, including privilege escalation to root or SYSTEM level. The ability to overwrite arbitrary files significantly expands the attack surface and allows for persistent access and control over the affected system. The lack of validation on the backup archive contents is the root cause, making it trivial for an attacker to craft a malicious archive.
CVE-2025-41757 was publicly disclosed on 2026-03-09. Its severity is rated HIGH with a CVSS score of 8.8. There is currently no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's nature makes it likely that one will be developed.
Exploit Status
EPSS: 0.08% (23rd percentile)
The primary mitigation is to immediately upgrade to version 6.0.1.0 or later, which addresses the vulnerability. If upgrading is not immediately feasible, consider implementing strict access controls on the backup restore functionality, limiting who can initiate restores. Network segmentation can also help to isolate the UBR (ubr-restore) service and limit the potential blast radius. Monitor system logs for unusual file creation or modification activity, particularly in sensitive system directories. Consider implementing a Web Application Firewall (WAF) to filter potentially malicious backup archive uploads, although this is not a complete solution.
Upgrade UBR to version 6.0.1.0 or later. This fixes the arbitrary write vulnerability by properly validating the contents of the backup archive before restoring it.
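The fix is described as validating the backup archive's contents before restoring it. As an added illustration (not UBR's code and not taken from the advisory), the following check audits an archive before a privileged restore touches the filesystem; it assumes a tar-format archive, which this page does not confirm for UBR, and the function names and sample entries are constructed for the example.

```python
import io
import tarfile
from pathlib import PurePosixPath

def unsafe_path(path: str) -> bool:
    """True for absolute paths and for any path with a '..' component.

    Rejecting every '..' is deliberately stricter than resolving it: lexical
    resolution can be fooled by a symlink unpacked earlier from the same archive.
    """
    p = PurePosixPath(path.replace("\\", "/"))
    return p.is_absolute() or ".." in p.parts

def audit_archive(tar: tarfile.TarFile) -> list[tuple[str, str]]:
    """Return (member name, reason) for every entry that must not be restored."""
    findings = []
    for m in tar.getmembers():
        if unsafe_path(m.name):
            findings.append((m.name, "member path can leave the restore root"))
        elif m.issym() or m.islnk():
            if unsafe_path(m.linkname):
                findings.append((m.name, "link target can leave the restore root"))
        elif not (m.isfile() or m.isdir()):
            findings.append((m.name, "special file (device or FIFO)"))
    return findings

def build_sample() -> tarfile.TarFile:
    """Constructed in-memory archive: two benign entries and three hostile ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed sample\n"
        for name in ("config/app.conf", "../../etc/cron.d/job", "/etc/passwd"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (("config/current", "app.conf"), ("config/logs", "../../var/log")):
            link = tarfile.TarInfo(name)
            link.type, link.linkname = tarfile.SYMTYPE, target
            tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"REJECT {name}: {reason}")
```

A restore should proceed only when the returned list is empty. The check inspects the archive alone, so the restore target directory must also be free of symlinks that an unprivileged user can create.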
CVE-2025-41757 is a HIGH severity vulnerability in UBR (ubr-restore) allowing remote attackers to create or overwrite files, potentially leading to system compromise.
Yes, if you are using UBR (ubr-restore) versions 0.0.0 through 6.0.1.0, you are potentially affected by this vulnerability.
Upgrade to version 6.0.1.0 or later to remediate the vulnerability. Implement access controls as an interim measure.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature makes it a likely target.
Refer to the official UBR (ubr-restore) documentation and security advisories for the most up-to-date information.