CVE-2025-46348
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Apr 29, 2025
Updated: May 9, 2025
CWE ID 287
CWE ID 862
Summary
CVE-2025-46348 is a vulnerability affecting YesWiki, a PHP-based wiki system. Before version 4.5.4, the system allowed unauthenticated users to initiate and download site backups, which were predictably named. An attacker could exploit this flaw by creating numerous backup requests, potentially filling up the file system, or by downloading sensitive site information through unauthorized archive access. Version 4.5.4 patches this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Yeswiki