Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2025-41762 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-41762

CVE-2025-41762

MEDIUM6.2

Secret leak with wwwdnload.cgi

Published Mar 9, 2026

Modified 1 months ago

Details

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates.

References

https://www.cve.org/CVERecord?id=CVE-2025-41762

https://www.mbs-solutions.de/mbs-2025-0001

CVSS Analysis

CVSS v3.1

6.2

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Cryptography

Ecosystems

Timeline

PublishedMar 9, 2026

ModifiedMar 9, 2026