CVE-2025-32991 - Vulnerability Analysis
CriticalCVSS: 9.0Last Updated: March 25, 2026
N2WS Backup & Recovery - Remote Code Execution
Published: March 25, 2026Updated: March 25, 2026Remote Exploitable
Overview
N2WS Backup & Recovery < 4.4.0 contains a remote code execution caused by a two-step attack against the RESTful API, letting remote attackers execute arbitrary code, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.0
EPSS Score: 20.5%(Probability of exploitation in next 30 days)
Impact
Remote attackers can execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to version 4.4.0 or later.
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š“ CVE-2025-32991 - Critical (9) In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution. š https://www.thehackerwire.com/vulnerability/CVE-2025-32991/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-32991
- Severity
- Critical
- CVSS Score
- 9.0
- Type
- undefined
- Status
- unconfirmed
- EPSS
- 20.5%
- Social Posts
- 1
CWE
- CWE-362
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
20.5%Probability of exploitation in the next 30 days