{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T11:05:08.860","vulnerabilities":[{"cve":{"id":"CVE-2025-8610","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2025-08-20T17:15:38.140","lastModified":"2025-08-25T01:57:35.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the StorageNode service, which listens on TCP port 9075 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-26156."},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código en funciones críticas por falta de autenticación en AOMEI Cyber Backup. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de AOMEI Cyber Backup. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica se encuentra en el servicio StorageNode, que escucha en el puerto TCP 9075 por defecto. El problema se debe a la falta de autenticación antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de SYSTEM. Era ZDI-CAN-26156."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aomei:cyber_backup:3.7.0:*:*:*:*:*:*:*","matchCriteriaId":"340680D8-B799-402E-A9C3-1DD89C2A0C4D"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-808/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}