PT-2025-31853 · Macrium · Macrium Reflect

Published

2025-08-04

·

Updated

2025-08-04

·

CVE-2025-53394

CVSS v3.1

7.7

High

Vector

AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Macrium Reflect versions through 2025-06-26

Description

Macrium Reflect allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file. The attack involves placing a renamed executable in the same directory as the crafted backup file. When a user with administrative privileges opens the backup file and mounts it, Reflect launches the renamed executable, which is under attacker control. The root cause is insufficient validation of companion files referenced during backup mounting.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until a fixed build is available, treat backup files received from untrusted sources with caution: inspect the directory containing a .mrimgx or .mrbax file for unexpected executables before mounting it, and avoid mounting backups from shared or world-writable locations while running with administrative privileges.
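The attack path above depends on an executable, renamed to look like a companion file, sitting in the same directory as the backup image. The following pre-mount check is an added example written for this page; it is not Macrium's code and it does not know the companion file names Reflect expects, so it flags any sibling file that carries a PE header, whatever its extension. The sample directory it scans is constructed inline (the "PE" files are bare headers, not loadable binaries). It is a triage aid for an operator, not a substitute for a vendor fix.

```python
"""Pre-mount check for a directory holding Macrium Reflect backup files.

Added example: flags sibling files of a .mrimgx/.mrbax image that carry a
PE executable header, regardless of their file extension, because the
attack described above relies on a renamed executable placed next to the
crafted backup file.
"""
import os
import struct
import tempfile

BACKUP_EXTS = {".mrimgx", ".mrbax"}
# Extensions under which a PE header is expected; a PE header under any
# other extension is treated as a disguised (renamed) executable.
PE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com"}


def is_pe_file(path: str) -> bool:
    """True if the file has an MZ DOS header and a 'PE\\0\\0' signature at e_lfanew."""
    try:
        with open(path, "rb") as fh:
            dos = fh.read(0x40)
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
            if e_lfanew > 0x1000:  # sanity bound; a real PE header sits near the start
                return False
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False


def suspicious_companions(directory: str) -> list:
    """Return (filename, reason) pairs for PE binaries sitting beside a backup image.

    Returns an empty list when the directory holds no .mrimgx/.mrbax file.
    """
    names = sorted(os.listdir(directory))
    has_backup = any(os.path.splitext(n)[1].lower() in BACKUP_EXTS for n in names)
    if not has_backup:
        return []
    flagged = []
    for name in names:
        path = os.path.join(directory, name)
        ext = os.path.splitext(name)[1].lower()
        if not os.path.isfile(path) or ext in BACKUP_EXTS or not is_pe_file(path):
            continue
        reason = "pe_disguised" if ext not in PE_EXTS else "pe_executable"
        flagged.append((name, reason))
    return flagged


def make_fake_pe() -> bytes:
    """Constructed minimal MZ/PE header for the demo; not a loadable binary."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20


def demo() -> list:
    """Build a constructed backup directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "nightly.mrimgx": b"constructed placeholder, not a real Reflect image",
            "readme.txt": b"MZ" + b"x" * 0x60,   # starts with MZ but has no PE signature
            "helper.dat": make_fake_pe(),        # renamed executable: PE header, data extension
            "tool.exe": make_fake_pe(),          # executable under its normal extension
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return suspicious_companions(d)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason}: {name}")
```

Run it against the folder a backup arrived in before mounting; a "pe_disguised" hit is the pattern this advisory describes, and a "pe_executable" hit next to a backup image still deserves a look. The header check deliberately ignores extensions, since a renamed binary is exactly what an extension-based filter would miss.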

LPE

RCE

Weakness Enumeration

Uncontrolled Search Path Element (CWE-427)

Related Identifiers

CVE-2025-53394

Affected Products

Macrium Reflect