CVE-2025-43595 – MSP360 Backup Privilege Escalation Vulnerability

May 1, 2025

CVE ID : CVE-2025-43595

Published : May 1, 2025, 10:15 p.m. | 1 hour, 12 minutes ago

Description : An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a lower privileged user to execute commands with root level privileges in the ‘Online Backup’ folder. Users are recommended to upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4176 – PHPGurukul Blood Bank & Donor Management System SQL Injection Vulnerability

Next Article CVE-2025-27365 – IBM MQ Operator SIGSEGV Memory Corruption Vulnerability

Highlights

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

April 25, 2025

CVE ID : CVE-2025-3935

Published : April 25, 2025, 7:15 p.m. | 29 minutes ago

Description : ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.
It is important to note that to obtain these machine keys, privileged system level access must be obtained.

If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.

The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-43595 – MSP360 Backup Privilege Escalation Vulnerability

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

CVE-2025-4838 – Kanwangzjm Funiture Open Redirect Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

CVE-2025-32952 – Jmix File Size Limitation Dos

CVE-2025-43863 – vantage6 is an open source framework built to enab

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

CVE-2025-4734 – Campcodes Sales and Inventory System SQL Injection

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

I tested Geekom’s new mini PC — A tiny Windows box that feels bigger on the inside with quad monitor support

CVE-2025-43595 – MSP360 Backup Privilege Escalation Vulnerability

Related Posts