Local Privilege Escalation Vulnerability in AOMEI Backupper Workstation
CVE-2025-8612

7.3HIGH

Key Information:

Vendor: Aomei
Status: Backupper Workstation
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-8612?

A local privilege escalation vulnerability exists in AOMEI Backupper Workstation, allowing attackers who have executed low-privileged code on targeted installations to escalate their privileges. This issue arises from an improper handling of the restore functionality, which can be exploited through the creation of junctions. By doing so, an attacker can manipulate the service to create arbitrary files, enabling them to execute code with SYSTEM privileges. An administrator’s interaction is required in the exploitation process, highlighting the need for vigilant user practices.

Affected Version(s)

Backupper Workstation 4.7.2

References

https://www.zerodayinitiative.com/advisories/ZDI-25-806/

x_research-advisory

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 5, 2025

CVE-2025-8612 Data

JSON

Aomei

What is CVE-2025-8612?

Affected Version(s)

References

CVSS V3.0

Timeline