Description
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.
Published: 2026-03-22
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Iperius Backup 6.1.0 includes a privilege-escalation flaw that allows users with ordinary local privileges to create backup jobs that execute arbitrary programs. The software runs any configured batch file or executable under the rights of the backup service account, which is typically Local System or an Administrator. As a result, an attacker can run code with full system privileges, compromising confidentiality, integrity, and availability. The weakness is identified as CWE-520, denoting improper handling of privileged execution.

Affected Systems

The vulnerability affects Iperius Backup version 6.1.0 distributed by Iperius. No other product versions or related products are listed as affected in the available data, so the impact is limited to installations running this specific version.

Risk and Exploitability

The flaw carries a CVSS score of 8.6, indicating high severity. The attack can be carried out only when an attacker has local access to create or modify backup jobs; based on the description, the likely attack vector is local. Because the exploit does not rely on remote input and no EPSS score is available, the probability of widespread exploitation is uncertain, and the component is not listed in the CISA KEV catalogue.

Generated by OpenCVE AI on March 22, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Iperius Backup to a patched version that removes the flaw.
  • If upgrading is not possible immediately, restrict the ability to create backup jobs to administrators only.
  • Ensure the Iperius Backup service runs with the least privileges required, such as not using Local System.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 23 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Iperius; Iperius iperius Backup |
| Vendors & Products | | Iperius; Iperius iperius Backup |

Sun, 22 Mar 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution. |
| Title | | Iperius Backup 6.1.0 Privilege Escalation via Backup Job |
| Weaknesses | | CWE-520 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:30:27.448Z

Reserved: 2026-03-22T13:14:56.383Z

Link: CVE-2019-25608

Vulnrichment

Updated: 2026-03-23T15:30:23.097Z

NVD

Status: Deferred

Published: 2026-03-22T14:16:28.807

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25608

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:46:08Z

Weaknesses