Cyber Resilience

CVE-2019-25608

High · Public PoC

Published: 22 March 2026

Modified: 16 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0014 (3.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25608 is a high-severity vulnerability in Iperiusbackup (product inferred from references), classified as CWE-520 (.NET Misconfiguration: Use of Impersonation). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-25608 is a privilege escalation vulnerability affecting Iperius Backup version 6.1.0. The flaw enables low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure these jobs to run malicious batch files or programs before or after backup operations, with the commands executing under the privileges of the Iperius Backup Service account, which operates as Local System or Administrator. This leads to privilege escalation and arbitrary code execution, mapped to CWE-520.

A local attacker requires only low privileges or potentially none beyond local access, as indicated by the CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation involves creating a malicious backup job that triggers the elevated execution, allowing full compromise of the system through high confidentiality, integrity, and availability impacts.

Advisories and references, including an Exploit-DB entry (46863) with a proof-of-concept, the Iperius Backup vendor site, its download page, and a VulnCheck advisory on the privilege escalation via backup jobs, provide further details. Security practitioners should review these sources for any vendor-recommended patches or workarounds.

Vulnerability details

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1059.003 Windows Command Shell (Execution)
Adversaries may abuse the Windows command shell for execution.
Why these techniques?

The flaw gives direct local privilege escalation to SYSTEM through abuse of the backup job pre/post command execution feature, which runs arbitrary batch files or programs.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Iperiusbackup
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates CVE-2019-25608 by requiring timely identification, reporting, and correction of the privilege escalation flaw in Iperius Backup 6.1.0.

Prevent: Prevents effective privilege escalation by enforcing least privilege on the Iperius Backup Service account, limiting damage from arbitrary code execution in malicious backup jobs.

Prevent: Reduces vulnerability exploitation by configuring the backup software with least functionality, such as restricting low-privilege user creation of executable pre/post-backup jobs.
