Aomeitech

aomeitech

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Cyber Backup

cyber_backup

1 CVE

Backupper Workstation

backupper_workstation

1 CVE

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-8612 1Aomeitech 1Backupper Workstation Sep 3, 2025 Aug 20, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker...Show more AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally. The specific flaw exists within the restore functionality. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27059.Show less
CVE-2025-8611 1Aomeitech 1Cyber Backup Aug 22, 2025 Aug 20, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. A...Show more AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DaoService service, which listens on TCP port 9074 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-26158.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-8612

1Aomeitech

1Backupper Workstation

Sep 3, 2025

Aug 20, 2025

N/A· v4

7.3 HIGH· v3

N/A· v2

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is needed additionally. The specific flaw exists within the restore functionality. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27059.Show less

CVE-2025-8611

1Aomeitech

1Cyber Backup

Aug 22, 2025

Aug 20, 2025

N/A· v4

9.8 CRITICAL· v3

N/A· v2

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DaoService service, which listens on TCP port 9074 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-26158.Show less