Skip to main content

Syncbackfree EUVDEUVD-2025-17357

| CVE-2025-5474 HIGH
Improper Link Resolution Before File Access (CWE-59)
2025-06-06 zdi-disclosures@trendmicro.com
7.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17357
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 19:15 nvd
HIGH 7.3

DescriptionCVE.org

2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required.

The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.

AnalysisAI

Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.

Technical ContextAI

The vulnerability exists in the Mirror functionality of 2BrightSparks SyncBackFree and is classified as CWE-59 (Improper Link Resolution Before File Access), which describes improper handling of symbolic links or junctions that allow attackers to access or modify unintended files. The flaw allows an attacker to create a malicious junction (Windows hard link alternative) that causes the SyncBackFree service—running with elevated SYSTEM privileges—to delete arbitrary files on the filesystem. This represents a classic symlink/junction following vulnerability where the application does not properly validate or sanitize the target path before performing file operations, allowing an attacker to redirect file deletion operations to sensitive system files. The Mirror functionality appears to be a backup/synchronization feature that traverses directory structures and performs file operations, making it susceptible to directory traversal and link-following attacks when junctions are involved.

RemediationAI

Apply the latest security patch from 2BrightSparks for SyncBackFree. Specific patch version numbers were not provided in the available data; consult the official 2BrightSparks website (https://www.2brightsparks.com/) or security advisories for the patched version. Interim mitigations include: (1) Restrict Mirror functionality usage to trusted administrators only; (2) Implement filesystem ACLs to prevent low-privileged users from creating junctions in directories monitored by SyncBackFree Mirror operations; (3) Disable the Mirror functionality if not required; (4) Run SyncBackFree with minimal necessary privileges rather than SYSTEM context if possible; (5) Monitor filesystem for unauthorized junction creation in backup/sync target directories. Users should update to the latest version of SyncBackFree as soon as patches are available from the vendor.

Share

EUVD-2025-17357 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy