{"id":59356,"date":"2025-07-13T16:55:44","date_gmt":"2025-07-13T16:55:44","guid":{"rendered":""},"modified":"2025-10-21T17:37:23","modified_gmt":"2025-10-21T23:37:23","slug":"cve-2025-43596-insecure-file-system-permissions-vulnerability-in-msp360-backup-8-0","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-43596-insecure-file-system-permissions-vulnerability-in-msp360-backup-8-0\/","title":{"rendered":"CVE-2025-43596: Insecure File System Permissions Vulnerability in MSP360 Backup 8.0<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-43596 is a significant cybersecurity vulnerability that impacts the MSP360 Backup version 8.0. This vulnerability allows a lower privileged user to execute commands with system-level privileges, thereby posing a severe threat to system integrity and data confidentiality. This issue arises due to insecure file system permissions, with the potential to lead to system<\/a> compromise or data leakage if exploited. Affected entities include any organization or individual utilizing MSP360 Backup 8.0 for their data backup needs. Mitigation is possible through timely application of the vendor patch or employing WAF\/IDS as a temporary solution.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-43596
\nSeverity: High (7.8 CVSS Score)
\nAttack Vector: Local
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: System compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n