critical advisory

Iperius Backup 6.1.0 Privilege Escalation via Malicious Backup Jobs (CVE-2019-25608)

Iperius Backup 6.1.0 is vulnerable to privilege escalation, allowing low-privilege users to execute arbitrary programs with elevated privileges by creating malicious backup jobs that execute pre- or post-backup scripts with SYSTEM privileges.

Iperius Backup 6.1.0 is susceptible to a privilege escalation vulnerability (CVE-2019-25608) that enables unprivileged users to gain elevated permissions on the system. This flaw allows attackers to create and configure backup jobs to execute arbitrary code, such as batch files or executable programs, with the privileges of the Iperius Backup Service account, which typically runs as Local System or Administrator. The vulnerability stems from insufficient checks on the scripts or programs…

Detection coverage (2)

Suspicious Process Spawned by Iperius Backup Service

high

Detects suspicious processes spawned by the Iperius Backup service, which could indicate exploitation of CVE-2019-25608.

sigma; tactics: privilege_escalation; techniques: T1068, T1543.003; sources: process_creation, windows

Iperius Backup Service Running Suspicious Command

critical

Detects the Iperius Backup service executing suspicious commands, potentially indicating CVE-2019-25608 exploitation.

sigma; tactics: privilege_escalation; techniques: T1059.001, T1068; sources: process_creation, windows
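
The parent-process logic that both detections describe can be sketched as follows. This is an added example, not the platform's rules, which the page does not show. The service-name marker, the list of user-writable directories, the severity mapping and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the service binary's file name contains this marker; set it to
# the real service executable name from your installation.
SERVICE_MARKER = "iperius"
# From the page: batch files (cmd.exe) and T1059.001 (PowerShell).
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SCRIPT_EXTS = (".bat", ".cmd", ".ps1")
# Assumed list of locations a low-privilege user can usually write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def classify(event):
    """Return None, 'high' or 'critical' for one process-creation event."""
    parent = event.get("ParentImage", "").lower()
    if SERVICE_MARKER not in ntpath.basename(parent):
        return None  # not spawned by the backup service
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    runs_script = (ntpath.basename(image) in INTERPRETERS
                   or any(ext in cmdline for ext in SCRIPT_EXTS))
    user_path = any(d in image or d in cmdline for d in USER_WRITABLE)
    if runs_script and user_path:
        return "critical"  # script or interpreter fed from a user-writable path
    if runs_script or user_path:
        return "high"
    return None


def triage(events):
    """Return (severity, child image) for every event that matched."""
    hits = ((classify(e), e["Image"]) for e in events)
    return [(sev, img) for sev, img in hits if sev]


# Constructed sample events (Sysmon Event ID 1 style fields); paths are made up.
SVC = r"C:\Program Files\Example\iperius-service-placeholder.exe"
SAMPLE_EVENTS = [
    {"ParentImage": SVC, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\lowpriv\Desktop\job.bat"'},
    {"ParentImage": SVC,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
    {"ParentImage": SVC, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r"7z.exe a D:\backup\set.7z D:\data"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\lowpriv\Desktop\job.bat"'},
]

if __name__ == "__main__":
    for severity, image in triage(SAMPLE_EVENTS):
        print(severity, image)
```

Legitimate backup jobs that run administrator-approved pre- or post-backup scripts will also match, so baseline those command lines before alerting on the "high" tier.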
