CVE-2025-48204

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ns backup extension for TYPO3 versions through 13.0.0

Description The issue allows command injection when creating a backup. An authenticated backend user with access to the extension's backend module is required to exploit this issue.

Recommendations For versions through 13.0.0, update to a version that contains a fix for this issue to prevent command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-78

Related Identifiers

BDU:2025-05999

CVE-2025-48204

GHSA-463C-JHP2-4MM7

Affected Products

Ns Backup

CVE-2025-48204

Weakness Enumeration

Related Identifiers

Affected Products

References · 9