CVE-2025-8612
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-03
Assigner: Zero Day Initiative
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aomeitech | backupper_workstation | 4.7.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the restore functionality of AOMEI Backupper Workstation. A local attacker who can already execute low-privileged code, and who gets an administrator to interact, can create a junction that abuses the service to create arbitrary files. This can be leveraged to escalate privileges and execute arbitrary code with SYSTEM-level privileges.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can escalate their privileges from a low-privileged user to SYSTEM level, potentially gaining full control over the affected system. This can lead to unauthorized code execution, data compromise, and complete system takeover.