Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only possible with local access. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit is now public and may be used. Upgrading to version 8.7.4 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AnalysisAI
Iperius Backup 8.7.3 creates temporary files with insecure permissions in the Backup Service component, allowing local authenticated attackers to potentially escalate privileges or access sensitive data. The vulnerability requires local access and high attack complexity, but public exploit code exists. Upgrading to version 8.7.4 resolves the issue.
Technical ContextAI
The vulnerability affects Enter Software Iperius Backup (CPE: cpe:2.3:a:enter_software:iperius_backup:*:*:*:*:*:*:*:*) through version 8.7.3. It is classified under CWE-378 (Creation of Temporary File With Insecure Permissions), where the Backup Service component creates temporary files in C:\ProgramData\IperiusBackup\Jobs\ with permissions that allow unauthorized local users to read, modify, or leverage these files. This class of vulnerability typically arises when applications fail to properly restrict file permissions during temporary file creation, allowing lower-privileged users to access sensitive data or manipulate files to escalate privileges. The Windows-specific file path indicates this affects only Windows deployments of Iperius Backup.
RemediationAI
Upgrade Iperius Backup to version 8.7.4 or later immediately, available from https://www.iperiusbackup.com/download-software-backup.aspx. The vendor responded professionally and released a fixed version promptly. Until the upgrade can be applied, implement compensating controls such as restricting local access to the C:\ProgramData\IperiusBackup\Jobs\ directory through Windows file system ACLs to prevent lower-privileged users from accessing this location, and ensure only trusted administrators have local access to systems running Iperius Backup. Monitor the directory for unexpected file access or modification attempts. Review the detailed security advisory at https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/arbitrary-file-disclosure.md for additional technical details.
More in Iperius Backup
View allIperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary
Improper privilege management in Iperius Backup through version 8.7.3 allows local authenticated attackers to escalate p
Iperius Backup versions up to 8.7.2 use a hard-coded cryptographic key for IperiusAccounts.ini file encryption, allowing
A local information disclosure vulnerability exists in Enter Software Iperius Backup versions up to 8.7.3 within the NTL
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16002
GHSA-f8vx-q848-4v5x