CVE-2025-9094
BaseFortify

Publication date: 2025-08-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-08-18
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: thingsboard | Product: thingsboard | Version / Range: 4.1
CWE
CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine): The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CWE-791 (Incomplete Filtering of Special Elements): The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in ThingsBoard 4.1 sits in the Add Gateway Handler component. Externally influenced input reaches a template engine without being neutralized (CWE-1336, template injection), so characters or syntax that the engine treats as template expressions or directives are interpreted as code rather than as plain text. The attack can be initiated remotely, and an exploit has been disclosed publicly.
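The following is an added example, not code from this page, from VulDB or from ThingsBoard, and it makes no claim about which template engine ThingsBoard uses. It shows the CWE-1336 pattern in miniature with a hypothetical engine: the same caller-supplied gateway name is first spliced into the template source, where its `{{ }}` syntax gets evaluated, and then passed as context data, where it stays inert. The engine, the function names (`render_template`, `build_vulnerable`, `build_hardened`, `reject_template_syntax`) and the constructed `secret` value are assumptions for illustration only.

```python
import re

# Hypothetical minimal template engine (constructed for this example; not
# ThingsBoard's engine). It evaluates {{ expr }} blocks against a context dict.
TEMPLATE_TAG = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)


class TemplateSyntaxRejected(ValueError):
    """Raised when externally influenced input carries template delimiters."""


def render_template(template: str, context: dict) -> str:
    """Replace each {{ expr }} with the result of evaluating expr against context.

    eval() is restricted to context names so the demo stays contained; that
    restriction is NOT a security boundary (dunder-attribute escapes exist),
    which is exactly why untrusted data must never become template source.
    """
    def evaluate(match: re.Match) -> str:
        expr = match.group(1).strip()
        return str(eval(expr, {"__builtins__": {}}, dict(context)))

    # re.sub inserts the callback's return value literally; the output is not
    # re-scanned, so values containing {{ }} cannot trigger a second pass.
    return TEMPLATE_TAG.sub(evaluate, template)


# Constructed context standing in for server-side data a template can reach.
CONTEXT = {"tenant": "acme", "secret": "s3cr3t-token"}


def build_vulnerable(gateway_name: str) -> str:
    """VULNERABLE (CWE-1336): the caller's input is concatenated into the
    template *source*, so any {{ }} syntax it contains is executed by the engine."""
    template = "gateway: " + gateway_name + " (tenant {{ tenant }})"
    return render_template(template, CONTEXT)


def build_hardened(gateway_name: str) -> str:
    """HARDENED: the template source is a constant and the input arrives as
    *data* in the context, so template syntax inside it is copied verbatim."""
    template = "gateway: {{ name }} (tenant {{ tenant }})"
    return render_template(template, {**CONTEXT, "name": gateway_name})


def reject_template_syntax(value: str) -> str:
    """Defense-in-depth check for the rare case where a value must end up in
    template source anyway: refuse anything carrying the engine's delimiters."""
    if "{{" in value or "}}" in value:
        raise TemplateSyntaxRejected(f"template delimiters not allowed: {value!r}")
    return value


if __name__ == "__main__":
    payload = "{{ secret }}"
    print("vulnerable:", build_vulnerable(payload))      # leaks s3cr3t-token
    print("vulnerable:", build_vulnerable("{{ 7*7 }}"))  # engine evaluates 7*7
    print("hardened:  ", build_hardened(payload))        # prints {{ secret }} literally
    try:
        reject_template_syntax(payload)
    except TemplateSyntaxRejected as exc:
        print("rejected:  ", exc)
```

The fix that matters is structural: keep template source fixed and route every externally influenced value through the engine's context. Delimiter filtering (`reject_template_syntax`) is only a backstop, and it is the kind of incomplete filter CWE-791 warns about if the engine also honours other directive syntax.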


How can this vulnerability impact me?

The vulnerability can be exploited remotely to feed the template engine input it interprets as template syntax. The advisory does not detail the concrete impact for ThingsBoard; in general, template injection lets an attacker evaluate expressions in the engine's context, which, depending on the engine and how it is sandboxed, ranges from disclosure of data reachable from the template to execution of code on the server. Since a public exploit exists, exposed instances should be treated as at risk. The vendor plans to fix this in version 4.2 and in maintenance releases of the LTS versions starting with 4.0.


What immediate steps should I take to mitigate this vulnerability?

The vendor has stated that a fix will ship in ThingsBoard v4.2 and be inherited by maintenance releases of LTS versions starting from 4.0. Until that release is available and applied, monitor the vendor's release channels and upgrade as soon as the fix appears. In the meantime, restrict who can reach the affected component (the Add Gateway workflow) to trusted, authenticated administrators, keep ThingsBoard off the public internet where possible, and apply general hardening to reduce exposure; the public availability of the exploit should raise this in your patching priority.

