PT-2026-1193 · Craft · Craft

Published: 2026-01-04 · Updated: 2026-01-06 · CVE-2025-68456

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Craft versions 5.0.0-RC1 through 5.8.20
Craft versions 3.0.0 through 4.16.16

Description

Unauthenticated users can initiate database backup operations through certain administrative actions. This could lead to resource exhaustion or information disclosure.

Recommendations

Update to Craft version 5.8.21.
Update to Craft version 4.16.17.
Craft 3 users should update to the latest Craft 4 and 5 releases.

Exploit

Fix

RCE

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-68456
GHSA-V64R-7WG9-23PR

Affected Products

Craft