CVE-2025-9094

216.73.216.233

· Published 17/08/2025 23:15 · Modified 17/08/2025 23:15

Labels: CVE-2025-9094 2025-08-17 CVE-2025-9094 CWE-791 [email protected]

Essential information

Published: 17/08/2025 23:15
Modified: 17/08/2025 23:15
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
thingsboard / thingsboard	`cpe:2.3:a:thingsboard:thingsboard:4.1:::::::*`
thingsboard / thingsboard	`cpe:2.3:a:thingsboard:thingsboard:4.2:::::::*`