A vulnerability classified as critical was found in Microweber CMS up to 1.2.11. Affected by this vulnerability is an unknown functionality of the file /api/BackupV2/upload of the component Backup Management API. The manipulation of the argument src leads to path traversal.

This vulnerability is known as CVE-2025-34076. The attack can be launched remotely. There is no exploit available.