CVE-2024-25228

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary code on Vinchin Backup and Recovery systems through improper input validation in the getVerifydiyResult function of ManoeuvreHandler.class.php. An attacker holding valid web-interface credentials can achieve remote code execution with high privileges on the backup server. All organizations running Vinchin Backup and Recovery 7.2 or earlier are affected.

💻 Affected Systems

Products:
  • Vinchin Backup and Recovery
Versions: 7.2 and earlier
Operating Systems: Linux-based systems running Vinchin
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an authenticated session on the web interface. Every default installation of an affected version is vulnerable; no configuration setting on the page's affected versions is known to remove the flaw.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal backup data, deploy ransomware, pivot to other systems, and maintain persistent access.

🟠

Likely Case

Attackers with stolen or compromised credentials gain full control over backup systems, potentially exfiltrating sensitive backup data or deploying malware.

🟢

If Mitigated

With the web interface reachable only from a management network and credentials protected by MFA and rotation, a compromise stays confined to the isolated backup environment and exposes little data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit requires valid credentials but is trivial to run once authenticated, and public exploit code is available. Any credential leak (phishing, password reuse, default or shared accounts) therefore turns directly into code execution on the backup server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2 Update 1 or later

Vendor Advisory: https://www.vinchin.com/en/support/security-advisory.html

Restart Required: Yes

Instructions:

1. Download the latest patch from the Vinchin support portal.
2. Back up the current configuration.
3. Apply the patch via the Vinchin web interface.
4. Restart the Vinchin services.
5. Verify that the patch was installed (see How to Verify below).

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate Vinchin backup systems from the internet and restrict internal access to the web interface to a management network.

Credential Hardening (applies to: all)

Enforce strong password policies, MFA, and regular credential rotation for every account that can log in to the web interface.

🧯 If You Can't Patch

  • Implement strict network access controls so that only administrators on a management network can reach the Vinchin web interface
  • Monitor for suspicious activity and deploy application-level WAF rules that alert on, or block, requests to ManoeuvreHandler.class.php that invoke getVerifydiyResult from unexpected sources; because the flaw is post-authentication, a WAF only narrows the attack path and does not replace the patch

🔍 How to Verify

Check if Vulnerable:

Check the Vinchin version in the web interface admin panel, or SSH into the server and read the version file:

Check Version:

cat /usr/local/vinchin/version.txt

Verify Fix Applied:

Confirm that the reported version is 7.2 Update 1 or later. The version check is the reliable signal: this page provides no safe functional test of getVerifydiyResult, so do not probe the function against a production system with malicious input.
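The following version gate, added here as an example rather than taken from Vinchin, turns the check above into a script. It assumes the version file holds a single line such as "7.2" or "7.2 Update 1"; neither the real format of /usr/local/vinchin/version.txt nor the path itself is documented on this page, so confirm both on a live system before relying on the script.

```python
"""Version gate for the check above: read the version string and decide
whether it falls in the affected range (7.2 and earlier; fixed in 7.2 Update 1).

Added example, not Vinchin's code. The version-file format ("7.2",
"7.2 Update 1", optionally "v7.2.0") and the default path are assumptions.
"""
import re

# 7.2 Update 1, the patch version named in the fix section above.
FIXED_IN = (7, 2, 0, 1)

VERSION_RE = re.compile(
    r"^\s*v?(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:\s*update\s*(?P<update>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Return (major, minor, patch, update) so that tuples compare in release order."""
    m = VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (
        int(m["major"]),
        int(m["minor"]),
        int(m["patch"] or 0),
        int(m["update"] or 0),
    )


def is_vulnerable(text):
    """True when the version sorts before 7.2 Update 1."""
    return parse_version(text) < FIXED_IN


def check_version_file(path="/usr/local/vinchin/version.txt"):
    """Read the first line of the version file (assumed path) and classify it."""
    with open(path, encoding="utf-8") as fh:
        version = fh.readline().strip()
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    import sys

    # Optional argument: an alternative path to the version file.
    result = check_version_file(*sys.argv[1:2])
    state = "VULNERABLE" if result["vulnerable"] else "patched"
    print(f"{result['version']}: {state}")
    sys.exit(1 if result["vulnerable"] else 0)
```

A three-part number such as "7.2.1" is treated as later than 7.2 Update 1, which is a further assumption about how Vinchin numbers its updates; if the vendor's numbering differs, adjust FIXED_IN and the regex accordingly. The non-zero exit status lets the script sit in a fleet-wide compliance job.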

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to ManoeuvreHandler.class.php
  • Suspicious command execution in system logs, in particular shells, interpreters or download tools (curl, wget) spawned by the web server or PHP worker on the backup host
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from backup server
  • Traffic to suspicious IPs or domains

SIEM Query:

source="vinchin.logs" AND uri="*ManoeuvreHandler.class.php*" AND (uri="*getVerifydiyResult*" OR form_data="*getVerifydiyResult*")

getVerifydiyResult is a PHP function reached through the handler, not an operating-system process, so match it in the request target or body rather than in a process field. The field names above depend on the log source; a plain web-server access log records the URI but not the POST body, so a bare hit on ManoeuvreHandler.class.php is still worth triage.
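The detection logic below, added here as an example and not a vendor-supplied rule, runs the two log indicators that can be checked from logs alone: requests hitting ManoeuvreHandler.class.php (with getVerifydiyResult visible in the target where the log captures it) and a run of failed logins followed by a success from one IP. The sample lines are constructed for the demonstration; the access lines use the Apache/nginx "combined" format and the auth lines use an invented key=value format, and the "?function=getVerifydiyResult" query string is an assumption made so that the function name is visible in a URL. Adapt the two regexes to whatever your reverse proxy or SIEM actually emits.

```python
"""Detection logic for the log indicators above.

Added example, not Vinchin's code. Log formats, the query-string parameter
name and the sample data are all constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

HANDLER_PATH = "/ManoeuvreHandler.class.php"
FUNCTION_NAME = "getVerifydiyResult"

# Constructed sample data (not real Vinchin logs).
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /login.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2024:10:01:20 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:05:41 +0000] "POST /ManoeuvreHandler.class.php HTTP/1.1" 200 120 "-" "python-requests/2.31"
10.0.0.9 - - [12/Mar/2024:10:05:42 +0000] "POST /ManoeuvreHandler.class.php?function=getVerifydiyResult HTTP/1.1" 200 87 "-" "python-requests/2.31"
"""

SAMPLE_AUTH_LOG = """\
2024-03-12T10:03:00Z auth ip=10.0.0.9 user=admin result=FAIL
2024-03-12T10:03:05Z auth ip=10.0.0.9 user=admin result=FAIL
2024-03-12T10:03:11Z auth ip=10.0.0.9 user=admin result=FAIL
2024-03-12T10:03:40Z auth ip=10.0.0.9 user=admin result=OK
2024-03-12T10:04:00Z auth ip=10.0.0.5 user=backupop result=FAIL
2024-03-12T10:04:10Z auth ip=10.0.0.5 user=backupop result=OK
"""

# Apache/nginx "combined" access-log format (assumed).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Invented key=value authentication-log format (assumed).
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def flag_handler_requests(lines):
    """One finding per request whose path is the vulnerable handler.

    Severity is "high" when getVerifydiyResult is visible in the request
    target and "medium" otherwise: a standard access log does not record the
    POST body, so a bare hit on the handler path still deserves triage, with
    the body pulled from a WAF or proxy log that captures it.
    """
    findings = []
    for line in lines:
        m = ACCESS_RE.match(line.strip())
        if m is None:
            continue
        target = m["target"]
        if target.split("?", 1)[0] != HANDLER_PATH:
            continue
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "method": m["method"],
            "target": target,
            "ua": m["ua"],
            "severity": "high" if FUNCTION_NAME in target else "medium",
        })
    return findings


def find_failures_then_success(lines, min_failures=3, window_seconds=600):
    """Flag a successful login preceded by >= min_failures failures from the
    same IP within window_seconds (the third log indicator above)."""
    failures = defaultdict(list)  # ip -> timestamps of failed attempts
    hits = []
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        ip = m["ip"]
        if m["result"] == "FAIL":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
        if len(recent) >= min_failures:
            hits.append({"ip": ip, "user": m["user"], "failures": len(recent), "ts": m["ts"]})
        failures[ip].clear()  # a success resets the counter for that IP
    return hits


def run_report(access_lines=None, auth_lines=None):
    """Run both detectors; defaults to the constructed sample logs."""
    access_lines = SAMPLE_ACCESS_LOG.splitlines() if access_lines is None else access_lines
    auth_lines = SAMPLE_AUTH_LOG.splitlines() if auth_lines is None else auth_lines
    return {
        "handler_requests": flag_handler_requests(access_lines),
        "failed_then_success": find_failures_then_success(auth_lines),
    }


if __name__ == "__main__":
    import json

    print(json.dumps(run_report(), indent=2))
```

On the sample data the first detector reports both requests from 10.0.0.9 (the second at high severity) and the second detector reports the admin login that followed three failures; the single failure from 10.0.0.5 stays below the threshold. Feed real files through `run_report(open(...).read().splitlines(), ...)` once the regexes match your formats.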

🔗 References
