CVE-2025-9094 – ThingsBoard Template Engine Remote Code Injection Vulnerability

CVE ID : CVE-2025-9094

Published : Aug. 17, 2025, 11:15 p.m. | 53 minutes ago

Description : A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that “[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0).”

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…