{"id":35093,"date":"2025-05-06T00:18:31","date_gmt":"2025-05-06T00:18:31","guid":{"rendered":""},"modified":"2025-06-06T11:37:39","modified_gmt":"2025-06-06T17:37:39","slug":"cve-2025-46348-unauthenticated-backup-exploitation-of-yeswiki-prior-to-version-4-5-4","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46348-unauthenticated-backup-exploitation-of-yeswiki-prior-to-version-4-5-4\/","title":{"rendered":"<strong>CVE-2025-46348: Unauthenticated Backup Exploitation of YesWiki Prior to Version 4.5.4<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2025-46348 is a critical flaw in YesWiki, a widely used wiki platform written in PHP. It affects all versions prior to 4.5.4 and can lead to system compromise or data leakage. The issue lies in the backup process: unauthenticated users can create and download site backups, which exposes sensitive site data.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-46348<br \/>\nSeverity: Critical (CVSS: 10.0)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System Compromise, Data Leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<tr><td>YesWiki<\/td><td>All versions prior to 4.5.4<\/td><\/tr>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of a flaw in the YesWiki backup process: an unauthenticated user can both initiate a backup and download the resulting archive. Because the system writes the archives with predictable filenames, an attacker can trigger a backup and then retrieve it without guessing. The same flaw can also be used for a Denial of Service (DoS) attack by repeatedly creating archives until the file system is full.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>While the exact code to exploit this vulnerability would vary, a conceptual example of an HTTP request exploiting this issue could look like this:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/backup\/archive.tar.gz HTTP\/1.1\nHost: targetsite.com<\/code><\/pre>\n<p>In this example, `archive.tar.gz` is the predictable filename of the backup archive. A malicious actor could send this request repeatedly, both to download the site&#8217;s backup and to fill up the server&#8217;s disk space.<\/p>\n<p><strong>Mitigation and Recommendations<\/strong><\/p>\n<p>The vulnerability has been patched in YesWiki version 4.5.4. Users are strongly advised to update to this version or later. For those who cannot update immediately, a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) may provide temporary mitigation by filtering or alerting on unauthenticated requests to the backup functionality. These are not long-term solutions, and updating to the patched version remains the most secure option.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-46348 vulnerability is a critical flaw in the YesWiki system, a widely used wiki platform built with PHP. This vulnerability has far-reaching implications as it affects all versions prior to 4.5.4 and could potentially lead to system compromise or data leakage. 
The issue lies in the backup process of the system where unauthenticated [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[87],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-35093","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-dos"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/35093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=35093"}],"version-history":[{"count":10,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/35093\/revisions"}],"predecessor-version":[{"id":73858,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/35093\/revisions\/73858"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=35093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=35093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=35093"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=35093"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=35093"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vec
tor?post=35093"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=35093"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=35093"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=35093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}