Home

Description

The ns_backup extension through 13.0.2 for TYPO3 allows command injection.

PUBLISHED Reserved 2025-08-28 | Published 2025-09-02 | Updated 2025-09-02 | Assigner TYPO3




HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

Any version
affected

Credits

Swiss NCSC Vulnerability Management Team reporter

References

typo3.org/security/advisory/typo3-ext-sa-2025-011

cve.org (CVE-2025-9573)

nvd.nist.gov (CVE-2025-9573)

Download JSON