CVE-2025-43595

Опубликовано: 01 мая 2025

Источник: nvd

CVSS3: 7.8

CVSS3: 9.8

EPSS Низкий

Описание

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

Ссылки

https://help.msp360.com/cloudberry-backup-mac-linux/whats-new
Release Notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-119-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-43595
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:msp360:backup:4.3.1.115:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00114

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-gjwx-g2ph-472r

CVSS3: 7.8

github

9 месяцев назад

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. Users are recommended to upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

EPSS

Процентиль: 30%

0.00114

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-276