Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

MSP360

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-12838
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-23 Dec, 2025 | 21:41
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally. The specific flaw exists within the restore functionality. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27245.

Action-Not Available
Vendor-MSP360
Product-Free Backup
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-43596
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.5||HIGH
EPSS-0.17% / 38.68%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 16:49
Updated-23 Sep, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSP360 Backup (for Windows) insecure filesystem permissions

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15).

Action-Not Available
Vendor-msp360MSP360
Product-backupBackup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-43595
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.5||HIGH
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 21:12
Updated-23 Sep, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSP360 Backup (for Linux) insecure filesystem permissions

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

Action-Not Available
Vendor-msp360MSP360Linux Kernel Organization, Inc
Product-backuplinux_kernelBackup
CWE ID-CWE-276
Incorrect Default Permissions