CVE-2025-53395

Name of the Vulnerable Software and Affected Versions Macrium Reflect versions through 2025-06-26

Description Macrium Reflect allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs due to untrusted DLL search path behavior in ReflectMonitor.exe.

Recommendations Versions prior to 2025-06-26 should be updated. As a temporary workaround, avoid opening .mrimgx backup files from untrusted sources. Restrict access to the ReflectMonitor.exe file to minimize the risk of exploitation.