CVE-2025-9094

Medium CVSS: 5.3

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

Vendor

Thingsboard

Product

Thingsboard

CWE

CWE-791

Yayın Tarihi

2025-08-17 23:15:27

Güncelleme

2025-12-03 13:41:23

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-791 Thingsboard MEDIUM Thingsboard 2025

Referanslar

https://drive.google.com/file/d/1cZy-rfQXsF58kJIVs4UXj7usXJuhjZjA/view https://vuldb.com/?ctiid.320416 https://vuldb.com/?id.320416 https://vuldb.com/?submit.626292

Benzer Kayıtlar

Medium

CVE-2025-34281

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Galle…

Medium

CVE-2025-34282

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload…

Medium

CVE-2024-55466

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard…