CVE-2025-46348 in yeswiki

Summary

by MITRE • 04/30/2025

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or downloading the archive, which contains sensitive site information. This issue has been patched in version 4.5.4.


Analysis

by VulDB Data Team • 04/30/2025

The vulnerability identified as CVE-2025-46348 affects YesWiki, a PHP-based wiki system that has been widely deployed in web environments. This authentication bypass flaw exists in versions prior to 4.5.4 and represents a critical security weakness that undermines the system's access controls. The vulnerability specifically targets the backup functionality of the wiki platform, which is a core administrative feature designed to create and manage site archives. The flaw allows unauthenticated users to initiate backup operations and subsequently download the generated archives, creating a significant exposure in the system's security architecture.

The root cause is twofold: the backup endpoint performs no authentication or session check before starting an archive, and the resulting archive is written under a predictable filename. An unauthenticated request can therefore trigger a backup and then retrieve the output by guessing its name, with no link or token required. Under CWE this is classified as CWE-287 (Improper Authentication): a sensitive administrative operation is reachable without adequate access control.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential system resource exhaustion and data leakage. Attackers can exploit this flaw to flood the file system with numerous backup archives, potentially leading to denial of service conditions through disk space exhaustion. Additionally, the downloaded archives contain sensitive site information including user data, configuration details, and potentially proprietary content, creating a data exposure risk that could compromise the entire wiki environment. The vulnerability's exploitation aligns with ATT&CK technique T1213.002, which involves data from information repositories, as attackers can harvest sensitive data through the backup mechanism. The issue also demonstrates characteristics of privilege escalation through improper access control, as unauthorized users gain access to administrative functionality that should be restricted to authenticated administrators.

Mitigation strategies for CVE-2025-46348 require immediate implementation of the patched version 4.5.4, which addresses the authentication bypass through proper access control enforcement. Organizations should ensure all YesWiki installations are updated to the latest version to remediate this vulnerability. Additional protective measures include implementing network-level access controls to restrict access to backup endpoints, monitoring for unusual backup activity patterns, and conducting regular security assessments of the wiki platform. Security teams should also consider implementing rate limiting mechanisms to prevent abuse of the backup functionality and establish proper logging of backup operations to detect unauthorized access attempts. The vulnerability serves as a reminder of the critical importance of access control validation in web applications, particularly for administrative functions that can expose sensitive system information through backup mechanisms.
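As an added example (not VulDB's or the YesWiki project's own code), the script below applies the monitoring and rate-limiting advice above to web-server access logs: it flags clients that start many backups in a short window (the disk-filling case) and clients that successfully fetch an archive file. The backup route and the archive download path are hypothetical placeholders, as are the sample log lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical route patterns (assumption, not YesWiki's real paths): the
# request that starts a backup, and the path a finished archive is served from.
BACKUP_CREATE_RE = re.compile(r"^/\?api/archives")
ARCHIVE_FILE_RE = re.compile(r"^/private/archives/[^/]+\.zip$")

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SAMPLE_LOG = [  # constructed: one client hammers the backup route, then fetches the result
    '203.0.113.5 - - [30/Apr/2025:10:00:01 +0000] "POST /?api/archives HTTP/1.1" 200 48',
    '198.51.100.7 - - [30/Apr/2025:10:00:02 +0000] "GET /?HomePage HTTP/1.1" 200 9120',
    '203.0.113.5 - - [30/Apr/2025:10:00:09 +0000] "POST /?api/archives HTTP/1.1" 200 48',
    '203.0.113.5 - - [30/Apr/2025:10:00:17 +0000] "POST /?api/archives HTTP/1.1" 200 48',
    '203.0.113.5 - - [30/Apr/2025:10:00:25 +0000] "POST /?api/archives HTTP/1.1" 200 48',
    '203.0.113.5 - - [30/Apr/2025:10:01:40 +0000] "GET /private/archives/2025-04-30.zip HTTP/1.1" 200 5242880',
]

def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}

def find_backup_abuse(lines, max_creates=3, window=timedelta(minutes=5)):
    """Flag clients that start more than max_creates backups inside any
    `window` (disk exhaustion) or that successfully download an archive file."""
    by_ip = defaultdict(list)
    for e in filter(None, map(parse_line, lines)):
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        creates = [e["ts"] for e in evs if BACKUP_CREATE_RE.match(e["path"])]
        downloads = [e["path"] for e in evs
                     if ARCHIVE_FILE_RE.match(e["path"]) and e["status"] == 200]
        # Sliding window: largest number of create requests within `window`.
        peak, start = 0, 0
        for i, t in enumerate(creates):
            while t - creates[start] > window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak > max_creates or downloads:
            findings[ip] = {"create_burst": peak, "downloads": downloads}
    return findings

if __name__ == "__main__":
    for ip, f in find_backup_abuse(SAMPLE_LOG).items():
        print(ip, f)
```

Feed real log lines instead of SAMPLE_LOG and adjust the two route patterns to the paths actually exposed by your installation; any client that downloads an archive without a matching administrator session in the application's own logs deserves a closer look.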

Responsible

GitHub M

Reservation

04/23/2025

Disclosure

04/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00569

KEV

no

Activities

very low
