CVE-2025-41765 is a critical vulnerability affecting the wwwupload.cgi endpoint due to insufficient authorization enforcement. An unauthorized remote attacker can exploit this weakness to upload and apply arbitrary data including contact images, HTTPS certificates, system backups, server peer configurations, and BACnet/SC server certificates and keys. The vulnerability allows complete bypass of upload restrictions, potentially leading to system compromise through malicious file uploads. This affects various system components including certificate management and backup restoration functionality.