Platform
windows
Component
aomei-cyber-backup
Fixed version
3.7.1
CVE-2025-8611 is a critical Remote Code Execution (RCE) vulnerability discovered in AOMEI Cyber Backup versions 3.7.0 through 3.7.0. This vulnerability allows unauthenticated attackers to execute arbitrary code on the system, potentially leading to complete compromise. A patch, version 3.7.1, has been released to address this issue.
The impact of CVE-2025-8611 is severe due to the lack of authentication required for exploitation. An attacker can directly access the DaoService on TCP port 9074 and execute commands with SYSTEM privileges. This grants them complete control over the affected machine, enabling them to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems on the network. The vulnerability's simplicity and lack of authentication make it a high-priority target for malicious actors, particularly those seeking to gain initial access to a network. The potential for widespread compromise is significant, especially in environments where AOMEI Cyber Backup is deployed without proper network segmentation or security controls.
CVE-2025-8611 was reported to ZDI (ZDI-CAN-26158) and subsequently disclosed publicly on 2025-08-20. The vulnerability's ease of exploitation and lack of authentication suggest a high probability of exploitation (EPSS score likely high). While no public proof-of-concept (PoC) has been released at the time of writing, the simplicity of the exploit makes it likely that one will emerge soon. It is advisable to assume active exploitation and prioritize remediation.
Organizations utilizing AOMEI Cyber Backup, particularly those with direct internet exposure or lacking robust network segmentation, are at significant risk. Environments with legacy configurations or those relying on default settings for AOMEI Cyber Backup are especially vulnerable. Shared hosting environments where multiple users share the same server instance are also at increased risk.
• windows / supply-chain:
Get-Process -Name DaoService | Select-Object -ExpandProperty Path
• windows / supply-chain (Sysmon process-creation events live in their own log, not the System log, so the query reads Microsoft-Windows-Sysmon/Operational directly and matches on the event message):
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath "*[System[EventID=1]]" -MaxEvents 10 | Where-Object { $_.Message -match 'DaoService' }
• generic web:
curl -I http://<target_ip>:9074/ | grep -i 'server'
disclosure
patch
Exploitation status
EPSS
2.07% (84th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-8611 is to immediately upgrade AOMEI Cyber Backup to version 3.7.1 or later. If upgrading is not immediately feasible, isolate affected systems from the network to prevent exploitation. Network firewalls can be configured to block inbound traffic to TCP port 9074. A WAF is unlikely to directly mitigate this vulnerability, since the DaoService is not an HTTP application behind it, but it may detect and block malicious requests based on observed patterns. Monitor system logs for suspicious activity related to the DaoService, specifically unexpected process executions spawned by it or network connections on TCP port 9074. After upgrading, confirm the vulnerability is resolved by attempting to access the DaoService without authentication and verifying that access is denied.
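The following PowerShell script is an added example, not code from the advisory or from AOMEI, that applies the mitigation steps above to one Windows host: it reads the installed product version, compares it against the fixed version 3.7.1, lists whatever is listening on TCP 9074, and adds an inbound block rule only while the host is still vulnerable. It assumes the product registers under the standard Uninstall registry keys with a DisplayName starting "AOMEI Cyber Backup"; the rule name is arbitrary.

```powershell
# Added example (not from the advisory or the vendor). Assumption: AOMEI Cyber Backup
# appears under the standard Uninstall keys with DisplayName 'AOMEI Cyber Backup*'.
$FixedVersion = [version]'3.7.1'
$Port         = 9074
$RuleName     = 'Block CVE-2025-8611 TCP 9074'   # arbitrary name for the interim rule

function Get-AomeiCyberBackupVersion {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'AOMEI Cyber Backup*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Get-Port9074Listeners {
    # Every listening socket on 9074, joined to the owning process so the
    # reviewer can confirm it really is the DaoService and where it runs from.
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Pid          = $_.OwningProcess
                Process      = $proc.ProcessName
                Path         = $proc.Path
            }
        }
}

$installed = Get-AomeiCyberBackupVersion
if (-not $installed) { Write-Output 'AOMEI Cyber Backup not found in Uninstall keys.'; return }
try   { $vulnerable = [version]$installed -lt $FixedVersion }
catch { Write-Output "Unparseable version string '$installed'; treat as vulnerable."; $vulnerable = $true }
Write-Output ("Installed {0}; below fixed version {1}: {2}" -f $installed, $FixedVersion, $vulnerable)

$listeners = Get-Port9074Listeners
$listeners | Format-Table -AutoSize

# Interim control from the advisory: block inbound TCP 9074 until the host is on 3.7.1.
# A listener bound to 0.0.0.0 or :: is reachable from the network, not only from localhost.
$exposed = $listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' }
if ($vulnerable -and $exposed) {
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort $Port -Action Block -Profile Any | Out-Null
        Write-Output "Created inbound block rule '$RuleName'; remove it after upgrading to 3.7.1."
    }
}
```

Run it elevated; the firewall cmdlets need administrator rights, and the rule should be removed once the upgrade is verified so that legitimate backup clients can reach the service again.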
Update AOMEI Cyber Backup to the latest version available from the vendor. This should include the fix for the unauthenticated remote code execution vulnerability.
CVE-2025-8611 is a critical Remote Code Execution vulnerability in AOMEI Cyber Backup versions 3.7.0–3.7.0, allowing attackers to execute code without authentication.
You are affected if you are running AOMEI Cyber Backup versions 3.7.0 through 3.7.0. Upgrade to 3.7.1 to mitigate the risk.
Upgrade AOMEI Cyber Backup to version 3.7.1 or later. Isolate affected systems if immediate upgrade is not possible.
While no public exploit exists yet, the vulnerability's simplicity suggests a high probability of exploitation. Assume active exploitation and prioritize remediation.
Refer to the AOMEI Cyber Backup official website for the latest security advisory regarding CVE-2025-8611.