CVE-2025-48201

HIGH8.6EPSS 0.29%

The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location

發布日:2025/5/21修改日:2025/5/21

描述

The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. This allows an unauthenticated remote user to download created backups and configuration files.

受影響套件(1)

Packagist/nitsan/ns-backupfrom 0, < 13.0.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-48201
PATCHhttps://github.com/nitsan-technologies/ns_backup
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/nitsan/ns-backup/CVE-2025-48201.yaml
WEBhttps://github.com/nitsan-technologies/ns_backup/commit/67b8102a19e8e516dc4228f5c42f9e4fba5046cb
WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2025-007