Insecure File System Permissions Vulnerability in MSP360 Backup by MSP360
CVE-2025-43596

8.5HIGH

Key Information:

Vendor: Msp360
Status: Backup
Vendor: CVE Published:; 22 May 2025

What is CVE-2025-43596?

An insecure file system permissions vulnerability in MSP360 Backup 8.0 enables low privileged users to execute commands with SYSTEM level privileges. This can be exploited by utilizing a specially crafted file targeting an arbitrary file backup location. Users are advised to upgrade to MSP360 Backup 8.1.1.19 to mitigate this risk.

Affected Version(s)

Backup 8.0

Backup 8.1.1.19

References

https://help.msp360.com/cloudberry-backup/whats-new

https://help.msp360.com/cloudberry-backup/security/admin-...

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Matthew Galligan, undefined

JSON

Msp360

What is CVE-2025-43596?

Affected Version(s)

References

CVSS V4

Timeline

Credit