CVE-2025-12838
📋 TL;DR
This vulnerability in MSP360 Free Backup allows local attackers to escalate privileges to SYSTEM by exploiting a link following flaw in the restore functionality. Attackers must first gain low-privileged code execution and require administrator interaction. Users of MSP360 Free Backup are affected.
💻 Affected Systems
- MSP360 Free Backup
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, credential theft, and lateral movement across the network.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install additional malware, and maintain persistence on compromised systems.
If Mitigated
Limited impact if proper access controls prevent initial low-privileged code execution and administrator interaction is restricted.
🎯 Exploit Status
Exploitation requires creating junctions and specific timing with administrator actions. ZDI has confirmed the vulnerability exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://www.msp360.com/resources/blog/security-advisory/
Restart Required: Yes
Instructions:
1. Check current MSP360 Free Backup version.
2. Update to latest version from official vendor website.
3. Restart the system.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable MSP360 Free Backup Service
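Windows: Temporarily disable the backup service to prevent exploitation. Run from an elevated prompt; sc.exe is spelled out because sc alone is an alias for Set-Content in Windows PowerShell.
sc.exe stop "MSP360 Backup Service"
sc.exe config "MSP360 Backup Service" start= disabled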
Restrict Administrator Interaction
Windows: Implement policies to prevent administrators from running untrusted backup files
🧯 If You Can't Patch
- Implement strict access controls to prevent low-privileged code execution
- Monitor for junction creation and suspicious file operations in MSP360 directories
🔍 How to Verify
Check if Vulnerable:
Check MSP360 Free Backup version and compare against vendor's patched version list
Check Version:
Check MSP360 application interface or installed programs list for version information
Verify Fix Applied:
Verify MSP360 Free Backup is updated to latest version and test restore functionality with monitoring
📡 Detection & Monitoring
Log Indicators:
- Unusual junction creation in MSP360 directories
- Suspicious file operations by MSP360 processes
- Privilege escalation attempts
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Process creation where parent process is MSP360 and child process has SYSTEM privileges
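One way to act on the junction-monitoring advice under "If You Can't Patch" and "Log Indicators": the PowerShell script below is an added example, not vendor or MSP360 code. It lists junctions and symbolic links under a directory and marks those whose target points outside it. The function name Get-LinkReport is hypothetical, and the directory is an assumption you supply, since this page does not name MSP360's paths.

```powershell
# Added example (not vendor code). $Path is a placeholder: the page does not
# list MSP360's directories, so pass the restore destination or data folder
# used in your environment.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

function Get-LinkReport {
    param([string]$Root)

    $rootFull = [IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $pending  = New-Object System.Collections.Stack
    $pending.Push($rootFull)

    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            $isLink = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
            if ($isLink) {
                # Report the link but never descend into it, so the walk
                # stays inside the audited tree and cannot loop.
                $target  = @($item.Target)[0]
                $outside = $null
                if ($target) {
                    # Relative targets do not match the root prefix and are
                    # therefore marked for review as well.
                    $outside = -not ($target.TrimEnd('\') + '\').StartsWith(
                        $rootFull, [StringComparison]::OrdinalIgnoreCase)
                }
                [pscustomobject]@{
                    Path        = $item.FullName
                    LinkType    = $item.LinkType   # Junction, SymbolicLink, or empty
                    Target      = $target
                    OutsideRoot = $outside         # $null when no target is exposed
                    CreatedUtc  = $item.CreationTimeUtc
                }
            }
            elseif ($item.PSIsContainer) {
                $pending.Push($item.FullName)
            }
        }
    }
}

Get-LinkReport -Root $Path |
    Sort-Object OutsideRoot -Descending |
    Format-Table -AutoSize -Wrap
```

Running it before an administrator performs a restore, and again on a schedule, gives a baseline to compare against; a new entry with OutsideRoot set to True is the condition the monitoring advice above is looking for.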