CVE-2025-46348

YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a site backup can be requested and the resulting archive downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. An attacker could make numerous requests to create archives and fill up the file system, or download an archive, which contains sensitive site information. This issue has been patched in version 4.5.4.


We have discovered 75 live websites that are affected by CVE-2025-46348.


Affected Software

Product  YesWiki
Category  Wikis
Vulnerable Domains  75 live websites (42% of YesWiki install base)
Vulnerable Versions
  • from 0 through 4.5.4
Vulnerable Versions Count  10 versions (67% of all versions)


Common Weakness Enumeration

CWE-287 Improper Authentication



Details

  • Published - Apr 29, 2025
  • Updated - Apr 30, 2025

Website Distribution by Country

Number of websites affected by CVE-2025-46348
France  66 websites
Switzerland  4 websites
Germany  4 websites
Italy  1 website

Website Distribution by TLD

Number of websites affected by CVE-2025-46348
.fr  31 websites
.org  24 websites
.net  7 websites
.be  4 websites
.eu  2 websites
.info  1 website

FAQ

CVE-2025-46348 is an Improper Authentication vulnerability in YesWiki.
A total of 75 websites have been identified as vulnerable to CVE-2025-46348, based on global website indexing conducted by WebTechSurvey.
YesWiki is affected by the CVE-2025-46348 vulnerability.
YesWiki versions up to 4.5.4 are vulnerable to CVE-2025-46348.
CVE-2025-46348 is resolved in version 4.5.4 of YesWiki.