Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 8.7.4 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AnalysisAI
Improper privilege management in Iperius Backup through version 8.7.3 allows local authenticated attackers to escalate privileges via manipulation of the Backup Job Configuration File Handler, with public exploit code available. The vulnerability requires local access and high attack complexity but grants full confidentiality and integrity impacts to affected systems. Upgrade to version 8.7.4 or later to remediate.
Technical ContextAI
This vulnerability affects Enter Software Iperius Backup (CPE: cpe:2.3:a:enter_software:iperius_backup:*:*:*:*:*:*:*:*) and is classified as CWE-269 (Improper Privilege Management). The flaw resides in the Backup Job Configuration File Handler component, which appears to handle configuration files for backup jobs without properly validating or restricting privilege levels. This class of vulnerability typically occurs when an application fails to properly drop elevated privileges, incorrectly assigns permissions, or allows unauthorized privilege escalation through manipulation of configuration data or file handlers that run with elevated system privileges.
RemediationAI
Upgrade Iperius Backup to version 8.7.4 or later immediately to resolve this vulnerability, as confirmed by the vendor and available at https://www.iperiusbackup.com/download-software-backup.aspx. The vendor responded professionally and released the patch quickly after notification. Until patching is completed, organizations should implement compensating controls including restricting local access to systems running Iperius Backup to only trusted administrators, monitoring backup job configuration file modifications for unauthorized changes, and applying principle of least privilege to limit potential attackers who might have the low-level access required. Review audit logs for any suspicious privilege escalation attempts or unauthorized backup job configuration modifications that may indicate exploitation attempts.
More in Iperius Backup
View allIperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary
Iperius Backup 8.7.3 creates temporary files with insecure permissions in the Backup Service component, allowing local a
Iperius Backup versions up to 8.7.2 use a hard-coded cryptographic key for IperiusAccounts.ini file encryption, allowing
A local information disclosure vulnerability exists in Enter Software Iperius Backup versions up to 8.7.3 within the NTL
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16006
GHSA-r7j5-cv7f-qr4c