CVE-2025-46348: CWE-287: Improper Authentication in YesWiki yeswiki
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.
AI Analysis
Technical Summary
CVE-2025-46348 is a critical improper authentication vulnerability affecting YesWiki, a PHP-based wiki system. Versions prior to 4.5.4 allow unauthenticated users to initiate and download site backup archives. The vulnerability arises because the backup request endpoint does not require any authentication, and the backup files are generated with predictable filenames. This flaw enables an attacker to repeatedly request backup creation, potentially filling the server's file system with archives (denial of service via resource exhaustion). More critically, an attacker can download these backup archives without authentication, exposing sensitive site data such as configuration files, user data, or content stored within the wiki. The vulnerability is classified under CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization). The CVSS v3.1 score is 10.0 (critical), reflecting the vulnerability's network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) that impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it highly exploitable. The issue was patched in YesWiki version 4.5.4, which enforces proper authentication before allowing backup operations. Organizations running vulnerable versions are at risk of data leakage and denial of service due to resource exhaustion from repeated backup requests.
Potential Impact
For European organizations using YesWiki versions prior to 4.5.4, this vulnerability poses a severe risk. Confidentiality is compromised as attackers can download sensitive backup archives without authentication, potentially exposing internal documentation, user credentials, or proprietary information. Integrity is at risk since attackers might manipulate backup processes or leverage the vulnerability as a foothold for further attacks. Availability can be impacted by attackers flooding the system with backup requests, exhausting disk space and causing service disruptions. This can affect public sector entities, educational institutions, and private companies relying on YesWiki for knowledge management or collaboration. The exposure of sensitive data could lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, disruption of wiki services can impair organizational workflows and communication. The vulnerability's ease of exploitation and critical severity necessitate immediate remediation to prevent data breaches and operational impact.
Mitigation Recommendations
1. Immediate upgrade of YesWiki installations to version 4.5.4 or later, where the authentication requirement for backup operations is enforced. 2. If upgrading is not immediately feasible, implement network-level access controls to restrict access to the backup endpoint, such as IP whitelisting or VPN-only access. 3. Monitor server file system usage and set quotas or alerts to detect unusual spikes in storage consumption indicative of abuse. 4. Review web server logs for repeated backup requests from unauthenticated sources to identify potential exploitation attempts. 5. Employ web application firewalls (WAFs) with custom rules to block unauthenticated requests to backup-related URLs. 6. Conduct a thorough audit of existing backup archives to ensure no unauthorized downloads have occurred and securely delete any sensitive backups stored with predictable filenames. 7. Educate system administrators about the vulnerability and ensure timely application of security patches in the future. 8. Implement multi-factor authentication and role-based access controls for administrative functions within YesWiki to reduce the risk of unauthorized actions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
CVE-2025-46348: CWE-287: Improper Authentication in YesWiki yeswiki
Description
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.
AI-Powered Analysis
Technical Analysis
CVE-2025-46348 is a critical improper authentication vulnerability affecting YesWiki, a PHP-based wiki system. Versions prior to 4.5.4 allow unauthenticated users to initiate and download site backup archives. The vulnerability arises because the backup request endpoint does not require any authentication, and the backup files are generated with predictable filenames. This flaw enables an attacker to repeatedly request backup creation, potentially filling the server's file system with archives (denial of service via resource exhaustion). More critically, an attacker can download these backup archives without authentication, exposing sensitive site data such as configuration files, user data, or content stored within the wiki. The vulnerability is classified under CWE-287 (Improper Authentication) and CWE-862 (Missing Authorization). The CVSS v3.1 score is 10.0 (critical), reflecting the vulnerability's network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) that impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it highly exploitable. The issue was patched in YesWiki version 4.5.4, which enforces proper authentication before allowing backup operations. Organizations running vulnerable versions are at risk of data leakage and denial of service due to resource exhaustion from repeated backup requests.
Potential Impact
For European organizations using YesWiki versions prior to 4.5.4, this vulnerability poses a severe risk. Confidentiality is compromised as attackers can download sensitive backup archives without authentication, potentially exposing internal documentation, user credentials, or proprietary information. Integrity is at risk since attackers might manipulate backup processes or leverage the vulnerability as a foothold for further attacks. Availability can be impacted by attackers flooding the system with backup requests, exhausting disk space and causing service disruptions. This can affect public sector entities, educational institutions, and private companies relying on YesWiki for knowledge management or collaboration. The exposure of sensitive data could lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, disruption of wiki services can impair organizational workflows and communication. The vulnerability's ease of exploitation and critical severity necessitate immediate remediation to prevent data breaches and operational impact.
Mitigation Recommendations
1. Immediate upgrade of YesWiki installations to version 4.5.4 or later, where the authentication requirement for backup operations is enforced. 2. If upgrading is not immediately feasible, implement network-level access controls to restrict access to the backup endpoint, such as IP whitelisting or VPN-only access. 3. Monitor server file system usage and set quotas or alerts to detect unusual spikes in storage consumption indicative of abuse. 4. Review web server logs for repeated backup requests from unauthenticated sources to identify potential exploitation attempts. 5. Employ web application firewalls (WAFs) with custom rules to block unauthenticated requests to backup-related URLs. 6. Conduct a thorough audit of existing backup archives to ensure no unauthorized downloads have occurred and securely delete any sensitive backups stored with predictable filenames. 7. Educate system administrators about the vulnerability and ensure timely application of security patches in the future. 8. Implement multi-factor authentication and role-based access controls for administrative functions within YesWiki to reduce the risk of unauthorized actions.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-04-22T22:41:54.913Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d983bc4522896dcbee2af
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 6:05:08 AM
Last updated: 8/11/2025, 3:49:30 AM
Views: 13
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.