PT-2025-46789 · Nero · Nero Backitup

Published 2025-11-13 · Updated 2025-11-14 · CVE-2025-63680

CVSS v3.1: 8.6 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nero BackItUp versions 2019 through 2025

Description

Nero BackItUp contains a path parsing and user interface rendering flaw. This flaw, combined with how Windows handles file execution, can allow an attacker to run arbitrary code when a user clicks a specially crafted file. Specifically, creating a folder with a trailing dot and placing a script file with the same name inside causes Nero BackItUp to display the file as a folder. When the user clicks this “folder,” Windows attempts to execute the script file through a fallback mechanism. The vulnerable component is the way Nero BackItUp renders file names and interacts with the Windows ShellExecuteW function.

Recommendations

Versions prior to 2019 should be updated. Versions 2019 through 2025 should be updated.
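
A defender-side check for the folder layout in the Description, added here as an example (not code from Nero or from this advisory): it walks a directory tree and reports folders whose name ends in a dot, together with any script file inside that shares the folder's base name. The extension list, the reading of "same name" as "same base name", and all function names are assumptions.

```python
import os
import shutil
import tempfile

# Assumption: which extensions count as "script files"; the advisory lists none.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".wsf", ".hta"}

def _raw(path):
    # On Windows the \\?\ prefix stops Win32 from silently dropping trailing dots.
    path = os.path.abspath(path)
    if os.name == "nt" and not path.startswith("\\\\?\\"):
        path = "\\\\?\\" + path
    return path

def find_trailing_dot_folders(root):
    """Return sorted (folder_path, same_named_scripts) for folders ending in '.'."""
    findings, stack = [], [_raw(root)]
    while stack:
        try:
            entries = list(os.scandir(stack.pop()))
        except OSError:
            continue  # unreadable directory: skip it, keep scanning
        dirs = [e for e in entries if e.is_dir(follow_symlinks=False)]
        stack.extend(d.path for d in dirs)
        for d in (d for d in dirs if d.name.endswith(".")):
            stem = d.name.rstrip(".").lower()
            try:
                names = [f.name for f in os.scandir(d.path) if f.is_file()]
            except OSError:
                names = []
            hits = sorted(n for n in names
                          if os.path.splitext(n)[0].lower() == stem
                          and os.path.splitext(n)[1].lower() in SCRIPT_EXTS)
            findings.append((d.path, hits))
    return sorted(findings)

def demo():
    """Build a constructed sample tree, scan it, and return (folder, scripts) pairs."""
    root = _raw(tempfile.mkdtemp())
    try:
        for folder, files in {"Reports.": ["Reports.bat", "notes.txt"],
                              "Normal": ["Normal.bat"], "Empty.": []}.items():
            os.makedirs(os.path.join(root, folder))
            for name in files:
                open(os.path.join(root, folder, name), "w").close()
        return [(os.path.basename(p), s) for p, s in find_trailing_dot_folders(root)]
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

A folder reported with a non-empty script list matches the layout the advisory describes; a trailing-dot folder with an empty list is still unusual on Windows and worth a look before it is opened in a file browser.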

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-63680

Affected Products

Nero Backitup