Platform: windows
Component: aomei-cyber-backup
Fixed in: 3.7.1
CVE-2025-8610 is a critical Remote Code Execution (RCE) vulnerability discovered in AOMEI Cyber Backup version 3.7.0. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. A patch, version 3.7.1, has been released to address this vulnerability.
The impact of CVE-2025-8610 is severe due to the lack of authentication required for exploitation. An attacker can directly access the StorageNode service on TCP port 9075 and execute arbitrary code in the SYSTEM context. This grants them complete control over the affected machine, enabling data theft, malware installation, and lateral movement within the network. The vulnerability's ease of exploitation and high-privilege execution make it a significant threat, particularly in environments where AOMEI Cyber Backup is exposed to external networks or untrusted sources. Successful exploitation could mirror the impact of other RCE vulnerabilities where attackers gain full system control, potentially leading to ransomware deployment or data exfiltration.
CVE-2025-8610 was disclosed on 2025-08-20. The vulnerability was reported to ZDI as ZDI-CAN-26156. No public proof-of-concept code is currently known, but the ease of exploitation suggests a high probability of public exploits emerging. The CVSS score of 9.8 indicates critical severity, and the lack of authentication makes it a prime target for exploitation. It is advisable to treat this vulnerability with the highest priority.
EPSS: 2.07% (84th percentile)
The primary mitigation for CVE-2025-8610 is to immediately upgrade AOMEI Cyber Backup to version 3.7.1 or later. If upgrading is not immediately feasible, consider isolating affected systems from external networks to prevent unauthorized access. Network segmentation can limit the potential blast radius of a successful attack. While a direct workaround is unavailable, monitoring TCP port 9075 for unusual activity can provide early detection. After upgrading, confirm the vulnerability is resolved by attempting to access the StorageNode service without authentication; it should be denied.
Update AOMEI Cyber Backup to the latest version available from the vendor. This should include the fix for the remote code execution vulnerability due to missing authentication.
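One way to carry out the port 9075 monitoring mentioned above, as an added example that is not part of the advisory or the vendor's tooling: it reads Windows Firewall log text (pfirewall.log format) and reports inbound connections to StorageNode from sources outside an allowlist. The allowlisted subnet and the sample log lines are constructed assumptions, and firewall logging of allowed and dropped connections is assumed to be enabled.

```python
import ipaddress

STORAGENODE_PORT = 9075  # StorageNode TCP port named in the advisory
# Assumption: the only hosts expected to reach StorageNode (backup server subnet).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample in Windows Firewall log (pfirewall.log) format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2025-08-21 09:14:02 ALLOW TCP 10.20.0.5 10.20.0.40 51544 9075 0 - 0 0 0 - - - RECEIVE
2025-08-21 09:15:10 ALLOW TCP 203.0.113.77 10.20.0.40 40112 9075 0 - 0 0 0 - - - RECEIVE
2025-08-21 09:15:11 DROP TCP 198.51.100.9 10.20.0.40 40200 9075 0 - 0 0 0 - - - RECEIVE
2025-08-21 09:16:00 ALLOW TCP 10.20.0.40 10.20.0.5 9075 51544 0 - 0 0 0 - - - SEND
2025-08-21 09:17:30 ALLOW TCP 203.0.113.77 10.20.0.40 40113 443 0 - 0 0 0 - - - RECEIVE
"""


def unexpected_storagenode_hits(log_text, allowed=ALLOWED_SOURCES, port=STORAGENODE_PORT):
    """Return inbound TCP records to `port` whose source is outside `allowed`."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != str(port):
            continue
        if rec.get("path", "RECEIVE") != "RECEIVE":
            continue  # ignore outbound and forwarded traffic
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except (KeyError, ValueError):
            continue  # malformed record, skip it
        if not any(src in net for net in allowed):
            hits.append((rec["date"], rec["time"], rec["action"], str(src)))
    return hits


if __name__ == "__main__":
    # ALLOW means the connection reached the service; DROP means it was blocked.
    for date, time, action, src in unexpected_storagenode_hits(SAMPLE_LOG):
        print(f"{date} {time} {action:<5} {src} -> tcp/{STORAGENODE_PORT}")
```

An ALLOW record from an unexpected source on a host still running 3.7.0 warrants investigation of that host; DROP records show the isolation rule is doing its job.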
CVE-2025-8610 is a critical RCE vulnerability in AOMEI Cyber Backup version 3.7.0, allowing attackers to execute code without authentication.
If you are running AOMEI Cyber Backup version 3.7.0, you are affected by this vulnerability.
Upgrade AOMEI Cyber Backup to version 3.7.1 or later to remediate the vulnerability. Isolate affected systems if immediate upgrade is not possible.
While no active exploitation has been publicly confirmed, the ease of exploitation suggests a high probability of exploitation.
Refer to the AOMEI Cyber Backup official website or security advisory channels for the latest information and updates regarding CVE-2025-8610.