Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-43595

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

Published

2025-05-01T22:15:17.800

Last Modified

2025-09-23T15:50:00.500

Status

Analyzed

Source

9119a7d8-5eab-497f-8521-727c672e3725

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	msp360	backup	4.3.1.115	Yes
Operating System	linux	linux_kernel	-	No

References

https://help.msp360.com/cloudberry-backup-mac-linux/whats-new Release Notes (9119a7d8-5eab-497f-8521-727c672e3725)
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-119-01.json Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cve.org/CVERecord?id=CVE-2025-43595 Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)