Home > Vulnerability Database > CVE-2025-46348

Mend.io Vulnerability Database

CVE-2025-46348

Good to know:

Date: April 29, 2025

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.

Severity Score

10.0

Related Resources (5)

Url: https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46348

Url: https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95

Url: https://github.com/YesWiki/yeswiki

Url: https://www.mend.io/vulnerability-database/CVE-2025-46348

Severity Score

10.0

Weakness Type (CWE)

Improper Authentication

CWE-287

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version yeswiki/yeswiki - v4.5.4

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46348

Good to know:

Date: April 29, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?