CVE-2025-9094

Exploit

EPSS 0.27%
Veröffentlicht 17.08.2025 22:32:05
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

ThingsBoard Add Gateway special elements used in a template engine

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thingsboard ≫ Thingsboard Version4.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.183

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

CWE-791 Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

https://vuldb.com/?id.320416

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.320416

VDB Entry

Permissions Required

https://vuldb.com/?submit.626292

Third Party Advisory

VDB Entry

https://drive.google.com/file/d/1cZy-rfQXsF58kJIVs4UXj7usXJuhjZjA/view

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-9094

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9094

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9094

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9094