Home > Vulnerability Database > CVE-2025-68456

Mend.io Vulnerability Database

CVE-2025-68456

Good to know:

Date: January 5, 2026

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.

Severity Score

9.1

Related Resources (6)

Url: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68456

Url: https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr

Url: https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39

Url: https://github.com/craftcms/cms

Url: https://www.mend.io/vulnerability-database/CVE-2025-68456

Severity Score

9.1

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Exposure of Sensitive Information Through Data Queries

CWE-202

Top Fix

Upgrade Version

Upgrade to version craftcms/cms - 4.16.17;craftcms/cms - 5.8.21;https://github.com/craftcms/cms.git - 4.16.17;https://github.com/craftcms/cms.git - 5.8.21

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68456

Good to know:

Date: January 5, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?