CVE-2025-32991

Published: Mar 25, 2026 Last Modified: Mar 25, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,0
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.

362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality Integrity Access Control
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Dos: Crash, Exit, Or Restart Dos: Instability Read Files Or Directories Read Application Data Execute Unauthorized Code Or Commands Gain Privileges Or Assume Identity Bypass Protection Mechanism
Applicable Platforms
Languages: C, C++, Java
Technologies: Mobile, ICS/OT
Likelihood of Exploit: Medium
View CWE Details
https://n2ws.com/blog/security-advisory-update
https://n2ws.com/blog/security-advisory-update
https://www.n2ws.com
https://www.n2ws.com