What is CVE-2024-25228?

CVE-2024-25228 is a vulnerability in N/a. Published 2024-03-14.

Is CVE-2024-25228 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-25228

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.

EPSS: 0.577 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
Chocapikk/Chocapikk
Chocapikk/My-CVEs
fkie-cad/nvd-json-data-feeds
rkraper339/CVE-2024-25228-POC

References

blog.leakix.net/2024/01/vinchin-backup-rce-chain/
20240313 [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier (mailing-list)

Frequently asked questions

What is CVE-2024-25228?: CVE-2024-25228 is a vulnerability in N/a. Published 2024-03-14.
Is CVE-2024-25228 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.