Description
Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
Published: 2026-04-22
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: Local Code Execution via SEH Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

Iperius Backup version 5.8.1 contains a local buffer overflow within its structured exception handling that could be exploited by maliciously crafted file paths. An attacker who can run commands on the host and create a backup job with a crafted payload in the external file location field can trigger the overflow and gain execution with the same privileges as the backup application. This flaw allows an attacker to run arbitrary code with application-level permissions, posing a serious confidentiality and integrity risk on compromised systems.

Affected Systems

The vulnerability is limited to Iperius Backup software. Systems running version 5.8.1 of the backup application are affected unless patched. No other products or versions are known to be impacted.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity, and while no EPSS score is available, the lack of a KEV listing suggests no widespread exploitation to date. The attack requires local access to the machine and the ability to submit a backup job, so it is a local attacker scenario. If an attacker can create or influence backup configurations, they can trigger the overflow and execute code with application privileges.

Generated by OpenCVE AI on April 22, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Iperius Backup to the latest version that contains the SEH buffer overflow fix
  • Restrict creation of backup jobs with external file locations to trusted administrators and validate path inputs
  • Apply least privilege on the account running Iperius Backup to limit the impact of potential code execution

Generated by OpenCVE AI on April 22, 2026 at 18:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
Title Iperius Backup 5.8.1 Local Buffer Overflow SEH
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T15:51:13.336Z

Reserved: 2026-04-22T11:22:09.316Z

Link: CVE-2018-25261

cve-icon Vulnrichment

Updated: 2026-04-22T15:51:04.268Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T16:16:46.567

Modified: 2026-04-22T21:23:52.620

Link: CVE-2018-25261

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T18:30:23Z

Weaknesses