Local Privilege Escalation in 2BrightSparks SyncBackFree Software
CVE-2025-5474

7.3 HIGH

Key Information:

Vendor
CVE Published: 6 June 2025

What is CVE-2025-5474?

CVE-2025-5474 is a local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows attackers to gain elevated privileges on compromised systems. To exploit it, an attacker must already be able to execute low-privileged code on the target, and interaction by an administrative user is also required. The flaw is tied to the software's Mirror functionality: by creating a junction, an attacker can manipulate a Mirror operation, which can lead to unauthorized file deletions and arbitrary code execution in the context of SYSTEM. For users, the result may be complete loss of control over the affected systems and potential data loss.

Affected Version(s)

SyncBackFree 11.3.87.0

CVSS V3.0

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
