Predictable Resource Location Vulnerability in TYPO3 ns_backup Extension
CVE-2025-48201

8.6HIGH

Key Information:

Vendor: Typo3
Status: Ns Backup Extension
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-48201?

The ns_backup extension for TYPO3 allows attackers to predict the locations of sensitive resources, potentially leading to unauthorized access or data disclosure. This vulnerability affects versions up to 13.0.0, necessitating urgent attention from users to safeguard their systems. For more detailed insights, visit the TYPO3 security advisory.

Affected Version(s)

ns backup extension 0 < 13.0.1

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-007

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 17, 2025

Typo3

What is CVE-2025-48201?

Affected Version(s)

References

CVSS V3.1

Timeline