PT-2025-22370 · Typo3 · Ns Backup
Published
2025-05-20
·
Updated
2025-12-27
·
CVE-2025-48201
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ns backup extension for TYPO3 version 13.0.0 and earlier
Description
The issue concerns a Predictable Resource Location in the ns backup extension for TYPO3. This allows an unauthenticated remote user to download created backups and configuration files.
Recommendations
For versions 13.0.0 and earlier, consider disabling the ns backup extension until a patch is available to prevent unauthenticated access to backups and configuration files.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ns Backup