Command Injection Vulnerability in TYPO3 ns_backup Extension
CVE-2025-9573

8.6HIGH

Key Information:

Vendor: Typo3
Status: Extension "typo3 Backup Plus"
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-9573?

The ns_backup extension for TYPO3 versions up to 13.0.2 has a critical flaw that allows for command injection. This vulnerability enables attackers to execute arbitrary commands on the server, potentially leading to unauthorized access and data breaches. It is essential for TYPO3 users to apply security measures and follow best practices to protect against this serious threat.

Affected Version(s)

Extension "TYPO3 Backup Plus" 0 <= 13.0.2

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-011

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Aug 28, 2025

Credit

Swiss NCSC Vulnerability Management Team

JSON

Typo3

What is CVE-2025-9573?

Affected Version(s)

References

CVSS V4

Timeline

Credit