CVE-2025-4820121.05.2025, 16:15The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.Forced BrowsingEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.6 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NmitreCNA8.6 HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NCISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 15%Common Weakness EnumerationCWE-425 - Direct Request ('Forced Browsing')The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.Referenceshttps://typo3.org/security/advisory/typo3-ext-sa-2025-007