{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25608", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T13:14:56.383Z", "datePublished": "2026-03-22T13:38:42.514Z", "dateUpdated": "2026-03-23T15:30:27.448Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:42.514Z"}, "title": "Iperius Backup 6.1.0 Privilege Escalation via Backup Job", "descriptions": [{"lang": "en", "value": "Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": ".NET Misconfiguration: Use of Impersonation", "cweId": "CWE-520", "type": "CWE"}]}], "affected": [{"vendor": "Iperius", "product": "Iperius Backup", "versions": [{"version": "6.1.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46863", "name": "ExploitDB-46863", "tags": ["exploit"]}, {"url": "https://www.iperiusbackup.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.iperiusbackup.com/download.aspx", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: Iperius Backup 6.1.0 Privilege Escalation via Backup Job", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/iperius-backup-privilege-escalation-via-backup-job"}], "credits": [{"lang": "en", "value": "bzyo", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-05-17T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:30:17.856616Z", "id": "CVE-2019-25608", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:30:27.448Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25608", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T15:30:17.856616Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:30:23.097Z"}}], "cna": {"title": "Iperius Backup 6.1.0 Privilege Escalation via Backup Job", "credits": [{"lang": "en", "type": "finder", "value": "bzyo"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Iperius", "product": "Iperius Backup", "versions": [{"status": "affected", "version": "6.1.0"}]}], "datePublic": "2019-05-17T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46863", "name": "ExploitDB-46863", "tags": ["exploit"]}, {"url": "https://www.iperiusbackup.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.iperiusbackup.com/download.aspx", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/iperius-backup-privilege-escalation-via-backup-job", "name": "VulnCheck Advisory: Iperius Backup 6.1.0 Privilege Escalation via Backup Job", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-520", "description": ".NET Misconfiguration: Use of Impersonation"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:42.514Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25608", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:30:27.448Z", "dateReserved": "2026-03-22T13:14:56.383Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:42.514Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution."}], "id": "CVE-2019-25608", "lastModified": "2026-03-23T14:31:37.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:28.807", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46863"}, {"source": "disclosure@vulncheck.com", "url": "https://www.iperiusbackup.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.iperiusbackup.com/download.aspx"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/iperius-backup-privilege-escalation-via-backup-job"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-520"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Iperius Backup", "source": "cna", "vendor": "Iperius"}, "product": "iperius_backup", "vendor": "iperius"}], "analysis": {"en": {"generated_at": "2026-03-22T14:51:42.135206+00:00", "value": {"mitigation_remediation": ["Upgrade Iperius Backup to a patched version that removes the flaw.", "If upgrading is not possible immediately, restrict the ability to create backup jobs to administrators only.", "Ensure the Iperius Backup service runs with the least privileges required, such as not using Local System."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Iperius Backup version\u00a06.1.0 distributed by Iperius. No other product versions or related products are listed as affected in the available data, so the impact is limited to installations running this specific version.", "description_and_impact": "Iperius Backup 6.1.0 includes a privilege\u2011escalation flaw that allows users with ordinary local privileges to create backup jobs that execute arbitrary programs. The software runs any configured batch file or executable under the rights of the backup service account, which is typically Local\u00a0System or an Administrator. As a result, an attacker can run code with full system privileges, compromising confidentiality, integrity, and availability. The weakness is identified as CWE\u2011520, denoting improper handling of privileged execution.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.6, indicating high severity. The attack can be carried out only when an attacker has local access to create or modify backup jobs; based on the description, the likely attack vector is local. Because the exploit does not rely on remote input and no EPSS score is available, the probability of widespread exploitation is uncertain, and the component is not listed in the CISA KEV catalogue."}}}}, "created": "2026-03-23T09:46:12.317301+00:00", "updated": "2026-03-25T14:46:08.342868+00:00", "vendors": ["iperius", "iperius$PRODUCT$iperius_backup"]}