CVE-2025-34076: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Microweber Ltd. CMS
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifying an absolute file path in the src parameter of the upload request, the server may relocate or delete the target file depending on the web service user’s privileges. The corresponding download endpoint can then be used to retrieve the file contents, effectively enabling local file disclosure. This behavior stems from insufficient validation of user-supplied paths and inadequate restrictions on file access and backup logic.
AI Analysis
Technical Summary
CVE-2025-34076 is a path traversal vulnerability classified under CWE-22 affecting Microweber CMS versions up to 1.2.11. The vulnerability exists in the backup management API endpoints /api/BackupV2/upload and /api/BackupV2/download. Authenticated users can abuse these endpoints by providing an absolute file path in the 'src' parameter of the upload request. Due to insufficient validation and lack of proper restrictions on file paths, the server may relocate or delete arbitrary files on the filesystem depending on the privileges of the web service user account running the CMS. Subsequently, the download endpoint can be used to retrieve the contents of these files, enabling local file disclosure. This flaw stems from inadequate sanitization of user-supplied input and improper enforcement of directory restrictions within the backup logic. The vulnerability requires authentication but no user interaction, and the attack vector is network-based with low attack complexity. The CVSS v4.0 score is 6.1, reflecting medium severity with high impact on confidentiality and limited impact on integrity and availability. No public exploits are currently known, but the vulnerability poses a risk of sensitive data exposure and potential file system manipulation if exploited.
Potential Impact
For European organizations using Microweber CMS, this vulnerability could lead to unauthorized disclosure of sensitive internal files such as configuration files, credentials, or proprietary data. This could facilitate further attacks like privilege escalation or lateral movement within the network. The ability to relocate or delete files could also disrupt CMS operations or cause denial of service if critical files are affected. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, face increased compliance risks and potential legal consequences if sensitive data is exposed. The medium severity rating indicates a significant but not critical threat, emphasizing the need for timely remediation to prevent exploitation. Since exploitation requires authenticated access, insider threats or compromised user accounts pose the greatest risk. The vulnerability could also be leveraged in targeted attacks against European entities using this CMS, especially where backup files or system configurations contain sensitive information.
Mitigation Recommendations
1. Immediately upgrade Microweber CMS to a version that patches this vulnerability once available.
2. Until a patch is released, restrict access to the backup management API endpoints (/api/BackupV2/upload and /api/BackupV2/download) to trusted administrators only, using network-level controls such as IP whitelisting or VPN access.
3. Implement strict input validation and sanitization on the 'src' parameter to prevent absolute path usage and enforce directory restrictions.
4. Review and harden file system permissions for the web service user to limit the scope of accessible files and prevent unauthorized file operations.
5. Monitor logs for unusual API usage patterns indicative of exploitation attempts, such as unexpected file paths or frequent backup API calls.
6. Conduct regular audits of user accounts and privileges to reduce the risk of compromised credentials being used to exploit this vulnerability.
7. Employ web application firewalls (WAF) with custom rules to detect and block path traversal attempts targeting the backup API endpoints.
8. Educate administrators and developers on secure coding practices related to file handling and path validation to prevent similar issues in the future.
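Recommendations 3 and 5 above describe a path check and a log review; the following is an added illustration of both, not code from Microweber or from this advisory. It confines a 'src' value to an assumed backup directory (BACKUP_ROOT is a placeholder, not the product's real path) and then reuses that same check to flag BackupV2 requests in constructed access-log lines, assuming 'src' is visible in the query string.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# BACKUP_ROOT is an assumed location for illustration, not Microweber's real path.
BACKUP_ROOT = "/var/www/site/storage/backups"
BACKUP_ENDPOINTS = ("/api/BackupV2/upload", "/api/BackupV2/download")


def resolve_backup_src(src, root=BACKUP_ROOT):
    """Map a user-supplied 'src' to a path inside root, or return None.
    Absolute paths are refused outright; relative ones are resolved ('..' and
    symlinks included) and must still sit under root (commonpath, not startswith)."""
    if not src or "\x00" in src or os.path.isabs(src) or src.startswith("\\"):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, src))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def flag_request(target):
    """Return a reason string if target (path + query from an access log) is a
    BackupV2 call whose 'src' fails resolve_backup_src, else None. Assumes 'src'
    is in the query string; a POST body needs application-level logging."""
    parts = urlsplit(target)
    if parts.path not in BACKUP_ENDPOINTS:
        return None
    for src in parse_qs(parts.query).get("src", []):
        src = unquote(src)  # second decode catches double-encoded traversal
        if resolve_backup_src(src) is None:
            return f"{parts.path}: unsafe src={src!r}"
    return None


# Constructed access-log lines in common log format, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [02/Jul/2025:19:39:30 +0000] "POST /api/BackupV2/upload?src=site-2025.zip HTTP/1.1" 200 512
10.0.0.9 - editor [02/Jul/2025:19:41:02 +0000] "POST /api/BackupV2/upload?src=/etc/hostname HTTP/1.1" 200 88
10.0.0.9 - editor [02/Jul/2025:19:41:05 +0000] "GET /api/BackupV2/download?src=..%2F..%2F.env HTTP/1.1" 200 1024
"""
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def scan_log(text):
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and (reason := flag_request(m.group(1))):
            hits.append(reason)
    return hits
```

Because the same resolver is used for the application-side check and for log review, a request that the detector flags is exactly one the hardened endpoint would have refused.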
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.550Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68658af26f40f0eb7293bb1f
Added to database: 7/2/2025, 7:39:30 PM
Last enriched: 11/29/2025, 4:34:47 PM
Last updated: 12/3/2025, 5:14:48 PM