CVE-2025-41759
Improper Input Validation in Network Blocking Causes Bypass
Publication date: 2026-03-09
Last updated on: 2026-03-11
Assigner: CERT VDE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | up to 6.0.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-636 | When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability occurs when an administrator tries to block all networks by using the identifiers "*" or "all". These values are not supported and do not cause any validation errors. Instead, they are silently interpreted as network 0, which means that no networks are actually blocked.
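The failure mode described in this answer, as an added example that is not code from the original page or from the vendor's firmware: a lenient numeric parse (a hypothetical model of the behaviour, since the advisory does not show the code) next to a strict parser that rejects unsupported tokens and fails closed. The function names and the 1 to 65534 range for network numbers are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed range of routable network numbers (assumption, not from the advisory). */
#define NET_MIN 1L
#define NET_MAX 65534L

/* Hypothetical model of the flaw: unsupported text silently becomes network 0. */
long parse_network_lenient(const char *s)
{
    return strtol(s, NULL, 10); /* "*" and "all" yield 0 with no error */
}

/* Strict parse: 0 on success with *out set, -1 on any unsupported input. */
int parse_network_strict(const char *s, long *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;                 /* rejects "", "*", "all", signs, spaces */
    errno = 0;
    v = strtol(s, &end, 10);
    if (*end != '\0' || errno == ERANGE || v < NET_MIN || v > NET_MAX)
        return -1;                 /* trailing junk, overflow, 0, out of range */
    *out = v;
    return 0;
}

/* Fail closed: one bad token rejects the whole block list. Returns count or -1. */
int build_blocklist(const char *const *tokens, size_t n, long *list)
{
    for (size_t i = 0; i < n; i++)
        if (parse_network_strict(tokens[i], &list[i]) != 0)
            return -1;             /* caller reports the error, applies nothing */
    return (int)n;
}

int main(void)
{
    const char *cfg[] = { "1001", "all" }; /* constructed sample configuration */
    long list[2];

    printf("lenient \"all\" -> %ld\n", parse_network_lenient(cfg[1]));
    printf("strict block list -> %d\n", build_blocklist(cfg, 2, list));
    return 0;
}
```

The strict path turns the silent fallback into a visible configuration error, so a rule that cannot be enforced is never reported as applied.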
How can this vulnerability impact me?
Because the intended network blocking does not occur, an administrator's attempt to block all networks will fail silently. This can lead to unintended network access, potentially exposing systems or data to unauthorized network traffic.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know