CVE-2019-25608
Published: 22 March 2026
Summary
CVE-2019-25608 is a high-severity .NET Misconfiguration: Use of Impersonation (CWE-520) vulnerability in Iperiusbackup (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-25608 is a privilege escalation vulnerability affecting Iperius Backup version 6.1.0. The flaw enables low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure these jobs to run malicious batch files or programs before or after backup operations, with the commands executing under the privileges of the Iperius Backup Service account, which operates as Local System or Administrator. This leads to privilege escalation and arbitrary code execution, mapped to CWE-520.
A local attacker requires only low privileges or potentially none beyond local access, as indicated by the CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation involves creating a malicious backup job that triggers the elevated execution, allowing full compromise of the system through high confidentiality, integrity, and availability impacts.
Advisories and references, including an Exploit-DB entry (46863) with a proof-of-concept, the Iperius Backup vendor site, its download page, and a VulnCheck advisory on the privilege escalation via backup jobs, provide further details. Security practitioners should review these sources for any vendor-recommended patches or workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19957
Vulnerability details
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,…
more
which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation to SYSTEM via abuse of backup job pre/post command execution feature, enabling arbitrary code via batch/programs.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2019-25608 by requiring timely identification, reporting, and correction of the privilege escalation flaw in Iperius Backup 6.1.0.
Prevents effective privilege escalation by enforcing least privilege on the Iperius Backup Service account, limiting damage from arbitrary code execution in malicious backup jobs.
Reduces vulnerability exploitation by configuring the backup software with least functionality, such as restricting low-privilege user creation of executable pre/post-backup jobs.