CVE-2025-8611 is a critical remote code execution vulnerability affecting AOMEI Cyber Backup version 3.7.0. The root cause is a missing authentication mechanism in the DaoService component, which listens on TCP port 9074 by default. This service exposes critical functionality without requiring any form of authentication, allowing unauthenticated remote attackers to execute arbitrary code with SYSTEM-level privileges. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating that the affected function should have been protected by authentication but was not. Exploitation requires no user interaction and no prior privileges, making it trivially exploitable over the network. The attacker can leverage this flaw to gain full control over the affected system, potentially leading to complete compromise of backup infrastructure, data theft, destruction, or ransomware deployment. The CVSS v3.0 base score of 9.8 reflects the critical severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are currently known, the ease of exploitation and severity make this vulnerability a high priority for patching and mitigation.

For European organizations, this vulnerability poses a significant risk to the integrity and availability of backup systems, which are critical for data protection and disaster recovery. Successful exploitation could allow attackers to execute arbitrary code as SYSTEM, potentially leading to data theft, destruction of backup data, or use of the compromised system as a foothold for lateral movement within the network. This could disrupt business continuity, cause regulatory compliance violations (especially under GDPR due to potential data breaches), and result in financial and reputational damage. Organizations relying on AOMEI Cyber Backup 3.7.0 for protecting sensitive or critical data are particularly vulnerable. The lack of authentication means that attackers can scan for exposed TCP port 9074 and exploit the vulnerability remotely without any credentials, increasing the attack surface. Given the criticality of backup infrastructure in European enterprises, including sectors like finance, healthcare, and government, the impact could be severe if exploited.

1. Immediate mitigation should focus on restricting network access to TCP port 9074 using firewalls or network segmentation to limit exposure to trusted management networks only. 2. Disable or stop the DaoService if it is not required or if an immediate patch is not available. 3. Monitor network traffic for any suspicious connections to port 9074 and implement intrusion detection/prevention rules targeting this service. 4. Since no patch is currently available, coordinate with AOMEI for timely updates and apply patches as soon as they are released. 5. Employ application-layer authentication proxies or VPNs to enforce authentication before accessing the vulnerable service. 6. Conduct thorough audits of backup systems to detect any signs of compromise or unauthorized access. 7. Implement strict access controls and logging around backup infrastructure to detect anomalous activities. 8. Educate IT and security teams about this vulnerability and ensure rapid incident response capabilities are in place.