CVE-2025-43596: CWE-276 Incorrect Default Permissions in MSP360 Backup

Severity: High
Published: Thu May 22 2025 (05/22/2025, 16:49:06 UTC)
Source: CVE
Vendor/Project: MSP360
Product: Backup

Description

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15).

AI-Powered Analysis

Last updated: 07/08/2025, 05:56:21 UTC

Technical Analysis

CVE-2025-43596 is a high-severity vulnerability identified in MSP360 Backup version 8.0, classified under CWE-276 (Incorrect Default Permissions). The vulnerability arises from insecure file system permissions that allow a low-privileged user to escalate privileges to SYSTEM level by leveraging a specially crafted file with an arbitrary file backup target. Essentially, the backup software improperly sets permissions on files it handles, enabling an attacker with limited access to execute commands with the highest system privileges. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of critical files, and disruption of backup operations. The vulnerability does not require user interaction but does require the attacker to have low-level privileges on the affected system. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and limited privileges required. The vendor has addressed this issue in MSP360 Backup version 8.1.1.19, released on May 15, 2025. No known exploits are currently reported in the wild, but the nature of the vulnerability suggests that exploitation could be straightforward once an attacker has low-level access.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises relying on MSP360 Backup 8.0 for critical data protection and disaster recovery. Successful exploitation could lead to complete system takeover, allowing attackers to steal sensitive corporate or customer data, disrupt backup and recovery processes, and potentially deploy ransomware or other malware with SYSTEM privileges. This could result in operational downtime, regulatory non-compliance (e.g., GDPR violations due to data breaches), financial losses, and reputational damage. Organizations in sectors with high data sensitivity such as finance, healthcare, and government are particularly at risk. Additionally, since backup systems often have elevated privileges and access to large volumes of data, compromise here can have cascading effects across the IT environment.

Mitigation Recommendations

European organizations using MSP360 Backup 8.0 should urgently upgrade to version 8.1.1.19 or later to remediate this vulnerability. Beyond patching, organizations should audit file system permissions related to backup software directories and files to ensure they adhere to the principle of least privilege. Implement strict access controls to limit which users can interact with backup software and its files. Employ application whitelisting and endpoint detection to monitor for unusual command executions originating from backup-related processes. Regularly review and harden backup configurations, and segregate backup environments from general user environments to reduce the risk of privilege escalation. Additionally, conduct internal penetration testing focusing on privilege escalation vectors to detect similar permission misconfigurations. Maintain up-to-date asset inventories to quickly identify affected systems and prioritize patch deployment. Finally, ensure robust logging and monitoring are in place to detect any exploitation attempts promptly.
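One way to run the permission audit recommended above, as an added PowerShell example that is not from the advisory or from MSP360. The advisory names no install or data directories, so the path is an operator-supplied parameter, and the set of principals treated as low-privileged is an assumption of this example. It reports explicit Allow entries only and does not compute effective access (Deny entries and group nesting are not evaluated).

```powershell
# Added example: list ACL entries under a directory tree that let broad,
# low-privileged groups create, replace or delete content, or rewrite the ACL.
param(
    # Assumption: directory to audit, chosen by the operator (for example the
    # backup agent's install or data directory). The advisory gives no paths.
    [Parameter(Mandatory)] [string] $Path
)

# Well-known SIDs, used instead of names so the check works on any UI language.
# Assumption: these are the principals this example treats as low-privileged.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Write-type rights, plus GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000),
# which can appear unmapped on inherit-only entries.
$mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

$items = @(Get-Item -LiteralPath $Path -Force -ErrorAction Stop) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $($item.FullName)"
        continue
    }
    # Ask for SIDs rather than account names; include explicit and inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path        = $item.FullName
            Principal   = $lowPrivSids[$sid]
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Propagation = $ace.PropagationFlags   # InheritOnly: applies to children only
        }
    }
}
```

Each emitted object is one finding to review against least privilege; an empty result means no matching Allow entry was found under the path, not that the host is patched.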

Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-16T17:28:05.083Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682f59b40acd01a249263fd4

Added to database: 5/22/2025, 5:07:00 PM

Last enriched: 7/8/2025, 5:56:21 AM

Last updated: 8/16/2025, 12:42:06 AM
