CVE-2025-48201
HIGH8.6EPSS 0.29%The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location
Published: 5/21/2025Modified: 5/21/2025
Description
The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. This allows an unauthenticated remote user to download created backups and configuration files.
Affected packages (1)
- Packagist/nitsan/ns-backupfrom 0, < 13.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-48201
- PATCHhttps://github.com/nitsan-technologies/ns_backup
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/nitsan/ns-backup/CVE-2025-48201.yaml
- WEBhttps://github.com/nitsan-technologies/ns_backup/commit/67b8102a19e8e516dc4228f5c42f9e4fba5046cb
- WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2025-007