Skip to content

A vulnerability was detected in ThingsBoard 4.1. This...

Moderate severity Unreviewed Published Aug 18, 2025 to the GitHub Advisory Database

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

References

Published by the National Vulnerability Database Aug 17, 2025
Published to the GitHub Advisory Database Aug 18, 2025

Severity

Moderate

EPSS score

Weaknesses

Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. Learn more on MITRE.

CVE ID

CVE-2025-9094

GHSA ID

GHSA-f339-r2mr-9cr3

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.