CVE-2025-12838

Name of the Vulnerable Software and Affected Versions MSP360 Free Backup (affected versions not specified)

Description A local attacker can escalate privileges on affected installations of MSP360 Free Backup. The attacker must first have the ability to execute low-privileged code on the target system. Administrator interaction is also required. The issue resides within the restore functionality, where an attacker can create a junction and abuse the service to create arbitrary files, leading to privilege escalation and arbitrary code execution in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.