Platform: windows
Component: aomei-cyber-backup
Fixed in: 3.7.1
CVE-2025-8610 is a critical Remote Code Execution (RCE) vulnerability discovered in AOMEI Cyber Backup version 3.7.0. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. A patch, version 3.7.1, has been released to address this vulnerability.
The impact of CVE-2025-8610 is severe due to the lack of authentication required for exploitation. An attacker can directly access the StorageNode service on TCP port 9075 and execute arbitrary code in the SYSTEM context. This grants them complete control over the affected machine, enabling data theft, malware installation, and lateral movement within the network. The vulnerability's ease of exploitation and high-privilege execution make it a significant threat, particularly in environments where AOMEI Cyber Backup is exposed to external networks or untrusted sources. Successful exploitation could mirror the impact of other RCE vulnerabilities where attackers gain full system control, potentially leading to ransomware deployment or data exfiltration.
CVE-2025-8610 was disclosed on 2025-08-20. The vulnerability was reported to ZDI as ZDI-CAN-26156. No public proof-of-concept code is currently known, but the ease of exploitation suggests a high probability of public exploits emerging. The CVSS score of 9.8 indicates critical severity, and the lack of authentication makes it a prime target for exploitation. It is advisable to treat this vulnerability with the highest priority.
Organizations utilizing AOMEI Cyber Backup, particularly those with internet-facing deployments or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as a compromise of one user's instance could potentially lead to the compromise of others.
• windows / supply-chain:
# List the StorageNode process with its PID and command line
Get-CimInstance Win32_Process -Filter "Name='CyberBackupStorageNode.exe'" | Select-Object ProcessId, CommandLine
• windows / supply-chain:
# Requires Sysmon: process-creation (1) and network-connection (3) events for the StorageNode binary
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath "*[System[(EventID=1 or EventID=3)] and EventData[Data[@Name='Image']='C:\Program Files\AOMEI Cyber Backup\StorageNode\CyberBackupStorageNode.exe']]" -MaxEvents 10
• generic web: Use a network scanner to check if TCP port 9075 is open on systems running AOMEI Cyber Backup.
EPSS: 2.07% (84th percentile)
The primary mitigation for CVE-2025-8610 is to immediately upgrade AOMEI Cyber Backup to version 3.7.1 or later. If upgrading is not immediately feasible, consider isolating affected systems from external networks to prevent unauthorized access. Network segmentation can limit the potential blast radius of a successful attack. While a direct workaround is unavailable, monitoring TCP port 9075 for unusual activity can provide early detection. After upgrading, confirm the vulnerability is resolved by attempting to access the StorageNode service without authentication; it should be denied.
Update AOMEI Cyber Backup to the latest available version provided by the vendor. This should include the fix for the missing-authentication remote code execution vulnerability.
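For the interim step of monitoring TCP port 9075, the following PowerShell audit reports which process owns the listener, whether it is bound to all interfaces, and which connected peers fall outside an expected set. It is an added example, not code from the advisory or from AOMEI; the function name and the allowlist addresses are constructed placeholders to replace with your own backup servers.

```powershell
# Added example: audit exposure of the StorageNode listener on TCP 9075.
# The port number comes from the advisory; $AllowedPeers is a constructed
# placeholder allowlist (assumption) of hosts expected to talk to the service.
$Port         = 9075
$AllowedPeers = @('127.0.0.1', '::1', '192.0.2.10')

function Get-StorageNodeExposure {
    param([int]$Port, [string[]]$AllowedPeers)

    # Every TCP endpoint on this host whose local port is the StorageNode port
    $conns = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $conns) { return }   # nothing bound to the port on this host

    foreach ($c in $conns) {
        # Resolve the owning PID to an image name and path (run elevated,
        # otherwise ExecutablePath can be empty for SYSTEM processes)
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)"

        $finding = switch ("$($c.State)") {
            'Listen' {
                if ($c.LocalAddress -in '0.0.0.0', '::') { 'listening on all interfaces' }
                else { 'listening on a specific address' }
            }
            'Established' {
                if ($c.RemoteAddress -in $AllowedPeers) { 'peer in allowlist' }
                else { 'UNEXPECTED PEER' }
            }
            default { 'other state' }
        }

        [pscustomobject]@{
            State   = "$($c.State)"
            Local   = "$($c.LocalAddress):$($c.LocalPort)"
            Remote  = "$($c.RemoteAddress):$($c.RemotePort)"
            Process = $proc.Name
            Path    = $proc.ExecutablePath
            Finding = $finding
        }
    }
}

Get-StorageNodeExposure -Port $Port -AllowedPeers $AllowedPeers | Format-Table -AutoSize
```

An empty result means nothing on the host is bound to the port; a row marked `UNEXPECTED PEER` is a connection to investigate while the upgrade to 3.7.1 is pending.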
CVE-2025-8610 is a critical RCE vulnerability in AOMEI Cyber Backup version 3.7.0, allowing attackers to execute code without authentication.
If you are running AOMEI Cyber Backup version 3.7.0, you are affected by this vulnerability.
Upgrade AOMEI Cyber Backup to version 3.7.1 or later to remediate the vulnerability. Isolate affected systems if immediate upgrade is not possible.
While no active exploitation has been publicly confirmed, the ease of exploitation suggests a high probability that it will be exploited.
Refer to the AOMEI Cyber Backup official website or security advisory channels for the latest information and updates regarding CVE-2025-8610.