PT-2026-27778 · Unknown · N2Ws Backup & Recovery
Published
2026-03-25
·
Updated
2026-03-25
·
CVE-2025-32991
CVSS v3.1
9.0
Critical
| AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
N2WS Backup & Recovery versions prior to 4.4.0
Description
A two-step attack against the RESTful API can lead to remote code execution. The attack targets the API, potentially allowing an attacker to execute arbitrary code on the system. The API endpoints and vulnerable parameters are not specified.
Recommendations
Update to version 4.4.0 or later.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
N2Ws Backup & Recovery