Remote Code Execution Vulnerability in AOMEI Cyber Backup
CVE-2025-8611

9.8CRITICAL

Key Information:

Vendor: Aomei
Status: Cyber Backup
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-8611?

AOMEI Cyber Backup contains a vulnerability that permits remote attackers to execute arbitrary code without any form of authentication. This flaw is primarily located in the DaoService service, which operates on TCP port 9074 by default. The absence of authentication mechanisms grants malicious parties access to critical functions, allowing them to run code in the context of the SYSTEM account, leading to potential unauthorized control over the affected systems. Organizations using AOMEI Cyber Backup should address this vulnerability promptly to safeguard sensitive data and system integrity.

Affected Version(s)

Cyber Backup 3.7.0

References

https://www.zerodayinitiative.com/advisories/ZDI-25-807/

x_research-advisory

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 5, 2025

CVE-2025-8611 Data

JSON

Aomei

What is CVE-2025-8611?

Affected Version(s)

References

CVSS V3.0

Timeline