CVE-2025-9094 | ThingsBoard 4.1 Add Gateway special elements used in a template engine

A vulnerability marked as critical has been reported in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability was named CVE-2025-9094. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor replies, that “[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0).”VulDB Recent EntriesRead More