CVE-2025-43595

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MSP360 Backup version 4.3.1.115

Description An insecure file system permissions vulnerability in MSP360 Backup allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder.

Recommendations Upgrade to MSP360 Backup 4.4 (released on 2025-04-22) to resolve the issue. As a temporary workaround, consider restricting access to the 'Online Backup' folder to minimize the risk of exploitation.

Fix

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2025-43595

Affected Products

Msp360 Backup

CVE-2025-43595

Weakness Enumeration

Related Identifiers

Affected Products

References · 13