Command Injection Vulnerability in TYPO3 ns_backup Extension
CVE-2025-48204

6.8MEDIUM

Key Information:

Vendor: Typo3
Status: Ns Backup Extension
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-48204?

The ns_backup extension for TYPO3 versions up to 13.0.0 is vulnerable to command injection attacks, allowing attackers to execute arbitrary commands on the server. This security flaw can be exploited without proper authentication, leading to potential unauthorized access and control over sensitive system functionalities. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

ns backup extension 0 < 13.0.1

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-007

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 17, 2025

Typo3

What is CVE-2025-48204?

Affected Version(s)

References

CVSS V3.1

Timeline