CVE-2025-9573 HIGH

CVE-2025-9573: Command Injection in extension "TYPO3 Backup Plus" (ns_backup)

Vendor Typo3
Product Extension "TYPO3 Backup Plus"
Weakness CWE-78
Published September 2, 2025
Last update September 2, 2025
View on NVD All CVEs

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

The ns_backup extension through 13.0.2 for TYPO3 allows command injection.

Key dates

Disclosure timeline

September 2, 2025 CVE published
September 2, 2025 Record updated