Backitup
1 CVEs
product
Monthly
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
RCE
Microsoft
Backitup
Windows
NVD
GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-63680
EPSS 0%
CVSS 8.6
HIGH
POC
This Week
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
RCE
Microsoft
+2
NVD
GitHub