Platform
windows
Component
aomei-cyber-backup
Fixed in
3.7.1
CVE-2025-8611 is a critical Remote Code Execution (RCE) vulnerability in AOMEI Cyber Backup version 3.7.0 (the affected range is listed as 3.7.0 through 3.7.0). It allows an unauthenticated attacker to execute arbitrary code on the host, which can lead to complete compromise of the backup server. The vendor has released version 3.7.1 to address the issue.
The impact of CVE-2025-8611 is severe because exploitation requires no authentication. An attacker who can reach the DaoService on TCP port 9074 can execute commands with SYSTEM privileges, which gives complete control of the affected machine: installing malware, stealing sensitive data, altering system configuration, and pivoting to other systems on the network. The simplicity of the attack and the absence of any credential requirement make it a high-priority target, particularly for actors seeking initial access. The risk is greatest where AOMEI Cyber Backup is reachable from general-purpose network segments rather than restricted to the hosts that manage it.
CVE-2025-8611 was reported to ZDI (ZDI-CAN-26158) and disclosed publicly on 2025-08-20. Although the EPSS score listed below is only 2.07% (84th percentile), the lack of authentication and the simplicity of the attack path suggest that exploitation is likely once a proof of concept circulates. No public proof-of-concept (PoC) had been released at the time of writing, but given how little the attack requires, one is likely to emerge. Assume active exploitation and prioritize remediation.
Exploit Status
EPSS
2.07% (84th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-8611 is to upgrade AOMEI Cyber Backup to version 3.7.1 or later immediately. If an upgrade is not immediately feasible, isolate affected systems from untrusted networks and restrict inbound TCP port 9074 at the host and network firewalls to the management hosts that legitimately communicate with the DaoService. A WAF is not a meaningful control here: the exposure is a network service on TCP 9074, not a web application, and nothing on this page indicates the service speaks HTTP. For detection, review firewall and connection logs for inbound connections to TCP 9074 from hosts other than the backup console, and review process telemetry for unexpected child processes spawned by the DaoService process, since a successful attack runs commands as SYSTEM from that context. After upgrading, confirm that the installed version reports 3.7.1 or later and that an unauthenticated connection to the DaoService from a non-management host is rejected.
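The monitoring and verification steps above can be scripted. The following is an added example, not code from AOMEI or from this advisory: it checks whether an installed version predates the 3.7.1 fix and scans Windows Firewall log lines for inbound TCP 9074 connections from hosts outside a management allowlist. The log layout (pfirewall.log W3C fields), the `MANAGEMENT_NETS` allowlist and the sample log lines are assumptions constructed for the example; only the port number and the fixed version come from the advisory.

```python
"""Triage helpers for the DaoService exposure described above.

This is an added example, not code from AOMEI or from this advisory.
Assumptions (not stated on the page, labelled here):
  - Connection evidence comes from the Windows Firewall log (pfirewall.log),
    whose W3C layout is: date time action protocol src-ip dst-ip src-port
    dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
  - MANAGEMENT_NETS is a placeholder for the subnets of your backup console
    hosts, the only peers that should ever reach TCP 9074.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DAOSERVICE_PORT = 9074          # from the advisory
FIXED_VERSION = (3, 7, 1)       # first fixed release per the advisory

# Hypothetical allowlist of management subnets; replace with your own.
MANAGEMENT_NETS = [ip_network("10.10.0.0/24")]


@dataclass
class Hit:
    when: str
    src: str
    dst: str
    src_port: int
    action: str     # ALLOW: the peer reached the service; DROP: a blocked attempt


def parse_version(text: str) -> tuple:
    """'3.7.0' -> (3, 7, 0), so versions compare numerically component by component."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(installed: str) -> bool:
    """True when the installed build predates the 3.7.1 fix."""
    return parse_version(installed) < FIXED_VERSION


def is_management_peer(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def find_daoservice_hits(log_lines):
    """Return inbound TCP connections to the DaoService port from non-management peers.

    DROP entries are kept on purpose: once the block rule is in place they show
    that someone is still probing the port, which is itself worth an alert.
    """
    hits = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or W3C header line
        fields = line.split()
        if len(fields) < 17:
            continue                      # malformed or truncated record
        date, time, action, proto, src, dst, sport, dport = fields[:8]
        path = fields[-1]                 # SEND or RECEIVE
        if proto != "TCP" or path != "RECEIVE" or int(dport) != DAOSERVICE_PORT:
            continue
        if is_management_peer(src):
            continue
        hits.append(Hit(f"{date} {time}", src, dst, int(sport), action))
    return hits


# Constructed sample log: a console host, an external probe that got through,
# a probe dropped after the firewall rule, and unrelated traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2025-08-21 09:12:03 ALLOW TCP 10.10.0.5 10.10.0.50 51234 9074 0 S 0 0 0 - - - RECEIVE
2025-08-21 09:15:41 ALLOW TCP 203.0.113.7 10.10.0.50 44120 9074 0 S 0 0 0 - - - RECEIVE
2025-08-21 09:16:02 ALLOW TCP 10.10.0.50 10.10.0.9 49800 443 0 S 0 0 0 - - - SEND
2025-08-21 09:20:17 ALLOW UDP 10.10.0.3 10.10.0.50 53001 9074 60 - - - - - - - RECEIVE
2025-08-21 11:02:55 DROP TCP 192.168.5.20 10.10.0.50 60022 9074 0 S 0 0 0 - - - RECEIVE
"""

if __name__ == "__main__":
    for version in ("3.7.0", "3.7.1"):
        state = "AFFECTED" if is_affected(version) else "fixed"
        print(f"AOMEI Cyber Backup {version}: {state}")
    for hit in find_daoservice_hits(SAMPLE_LOG.splitlines()):
        print(f"{hit.when} {hit.action:5} {hit.src}:{hit.src_port} -> {hit.dst}:{DAOSERVICE_PORT}")
```

On the sample input the script reports the 203.0.113.7 connection that was allowed through and the later 192.168.5.20 attempt that the block rule dropped; the console host and the UDP and outbound records are ignored. Point it at a real pfirewall.log (logging of allowed and dropped connections must be enabled in the firewall profile) and replace the allowlist before relying on it.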
Update AOMEI Cyber Backup to the latest version available from the vendor (3.7.1 or later), which includes the fix for the missing-authentication remote code execution vulnerability.
CVE-2025-8611 is a critical Remote Code Execution vulnerability in AOMEI Cyber Backup version 3.7.0 that allows an unauthenticated attacker to execute code on the host.
You are affected if you are running AOMEI Cyber Backup version 3.7.0. Upgrade to 3.7.1 or later to remove the risk.
Upgrade AOMEI Cyber Backup to version 3.7.1 or later. Isolate affected systems if immediate upgrade is not possible.
Although no public exploit was known at the time of writing, the vulnerability's simplicity and lack of authentication make exploitation likely. Assume active exploitation and prioritize remediation.
Refer to the AOMEI Cyber Backup official website for the latest security advisory regarding CVE-2025-8611.