CVE-2025-46348

10.0 CRITICAL

📋 TL;DR

CVE-2025-46348 is an authentication bypass vulnerability in YesWiki that allows unauthenticated attackers to trigger and download site backups. Because a backup can be triggered repeatedly, an attacker can exhaust disk space, and because the backup filenames are predictable, the archives can be downloaded and sensitive site data exfiltrated. All YesWiki installations prior to version 4.5.4 are affected.

💻 Affected Systems

Products:
  • YesWiki
Versions: All versions prior to 4.5.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable; no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site compromise through sensitive data exfiltration (database credentials, user data, configuration files) and denial of service via disk exhaustion.

🟠

Likely Case

Unauthorized backup downloads exposing sensitive site information and potential disk space exhaustion attacks.

🟢

If Mitigated

Minimal impact with proper authentication controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to backup endpoints with predictable filenames; trivial to automate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.4

Vendor Advisory: https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95

Restart Required: No

Instructions:

1. Back up your YesWiki installation.
2. Download YesWiki 4.5.4 from the official repository.
3. Replace the existing files with the new version.
4. Verify that authentication is required for the backup functionality.

🔧 Temporary Workarounds

Block Backup Endpoints

Platform: all

Use web server configuration to block access to the backup endpoints. Note that the rules below deny all clients, including administrators, so backups must be taken by other means until the patch is applied.

# Apache (httpd.conf / vhost context, requires RewriteEngine On): RewriteRule ^/backup - [F]
#   (in .htaccess the path is matched without the leading slash: RewriteRule ^backup - [F])
# Nginx: location ~ /backup { deny all; }

Implement Rate Limiting

Platform: linux

Limit requests to backup endpoints to prevent disk exhaustion attacks

# Using fail2ban or similar tools to limit backup endpoint requests

🧯 If You Can't Patch

  • Implement strict network access controls to limit YesWiki access to trusted users only
  • Monitor disk usage and backup directory for unusual activity or rapid file creation

🔍 How to Verify

Check if Vulnerable:

Attempt to access the /backup endpoint without authentication; if a backup can be triggered or downloaded, the system is vulnerable.

Check Version:

Check the YesWiki version in the admin panel or examine the version.php file.

Verify Fix Applied:

Verify that authentication is required to access backup functionality and backup filenames are no longer predictable.

📡 Detection & Monitoring

Log Indicators:

  • Multiple backup requests from single IP
  • Unauthenticated access to backup endpoints
  • Rapid backup file creation

Network Indicators:

  • HTTP requests to /backup without authentication headers
  • Unusual download patterns of backup files

SIEM Query:

source="web_server" AND (uri_path="/backup" OR uri_path LIKE "%/backup%") AND NOT (auth_status="success")
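The SIEM query above expresses the log indicators declaratively; the following Python script, added here as an illustration and not part of the advisory, applies the same indicators to raw web server access logs in combined log format. It flags successful backup requests with no authenticated user and IPs that hit the backup endpoint repeatedly within a short window. The /backup path is the one named in the advisory; the log lines, the burst threshold and the window are constructed for illustration.

```python
"""Scan access logs for the CVE-2025-46348 indicators: unauthenticated backup
requests and bursts of backup requests from one IP.  Added example; the log
lines below are constructed, not real traffic."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" format; the third field is the HTTP-auth user ("-" when absent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one IP hammering /backup, one authenticated admin
# backup, one unrelated request and one request already blocked with 403.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:12:00:01 +0000] "GET /backup HTTP/1.1" 200 1048576
203.0.113.7 - - [10/Jun/2025:12:00:03 +0000] "GET /backup HTTP/1.1" 200 1048576
203.0.113.7 - - [10/Jun/2025:12:00:05 +0000] "GET /backup/site-2025-06-10.zip HTTP/1.1" 200 52428800
203.0.113.7 - - [10/Jun/2025:12:00:07 +0000] "GET /backup HTTP/1.1" 200 1048576
198.51.100.4 - admin [10/Jun/2025:12:30:00 +0000] "GET /backup HTTP/1.1" 200 1048576
192.0.2.9 - - [10/Jun/2025:13:00:00 +0000] "GET /index.php HTTP/1.1" 200 2048
192.0.2.9 - - [10/Jun/2025:13:00:02 +0000] "GET /backup HTTP/1.1" 403 199
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def is_backup_path(path):
    # Same scope as the SIEM query's LIKE "%/backup%": the endpoint and anything beneath it.
    return "/backup" in path


def detect(log_text, burst_threshold=3, window=timedelta(minutes=5)):
    """Return (unauth_hits, burst_ips).

    unauth_hits: (ip, path, status) for successful (2xx) backup requests with no
                 authenticated user -- the "unauthenticated access" indicator.
    burst_ips:   IPs with at least burst_threshold backup requests inside any
                 `window` -- the "multiple requests from a single IP" indicator.
    """
    per_ip = defaultdict(list)
    unauth_hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_backup_path(rec["path"]):
            continue
        per_ip[rec["ip"]].append(rec["ts"])
        if 200 <= rec["status"] < 300 and rec["user"] == "-":
            unauth_hits.append((rec["ip"], rec["path"], rec["status"]))

    burst_ips = set()
    for ip, stamps in per_ip.items():
        stamps.sort()
        j = 0  # right edge of the sliding window; monotonic because stamps are sorted
        for i, start in enumerate(stamps):
            while j < len(stamps) and stamps[j] <= start + window:
                j += 1
            if j - i >= burst_threshold:
                burst_ips.add(ip)
                break
    return unauth_hits, burst_ips


if __name__ == "__main__":
    hits, bursts = detect(SAMPLE_LOG)
    for ip, path, status in hits:
        print(f"unauthenticated backup access: {ip} {path} -> {status}")
    for ip in sorted(bursts):
        print(f"backup request burst from {ip}")
```

Run against real logs by replacing SAMPLE_LOG with the file contents; a status of 403 for every /backup request from an unauthenticated client is the expected picture once the web server workaround or the 4.5.4 patch is in place, and any 2xx hit with user "-" warrants investigation.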
