CVE-2025-46348

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 29, 2025
Updated: May 9, 2025
CWE ID 287
CWE ID 862

Summary

CVE-2025-46348 is a vulnerability affecting YesWiki, a PHP-based wiki system. Before version 4.5.4, the system allowed unauthenticated users to initiate and download site backups, which were predictably named. An attacker could exploit this flaw by creating numerous backup requests, potentially filling up the file system, or by downloading sensitive site information through unauthorized archive access. Version 4.5.4 patches this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share