Vinchin Backup and Recovery vulnerable to Authenticated Remote Code Execution
CVE-2024-25228

8.8HIGH

Key Information:

Vendor

Vinchin

Vendor
CVE Published:
14 March 2024

What is CVE-2024-25228?

Vinchin Backup and Recovery, specifically versions 7.2 and earlier, is vulnerable to an Authenticated Remote Code Execution flaw. This vulnerability resides in the getVerifydiyResult function within the ManoeuvreHandler.class.php file. If exploited, attackers with authenticated access can execute arbitrary commands on the server, potentially compromising sensitive data and functionality. Organizations using affected versions should prioritize applying patches or implementing mitigation strategies to safeguard their systems.

References

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.