CVE-2025-53394

Published: Aug 4, 2025

Modified: Aug 5, 2025

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and proceeds to mount it, Reflect launches the renamed executable (e.g., explorer.exe), which is under attacker control. This occurs because of insufficient validation of companion files referenced during backup mounting.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:C/UI:R

Attack Complexity

Low

Attack Vector

Local

Availability

High

Confidentiality

High

Integrity

High

Privileges Required

High

Scope

Changed

User Interaction

Required

References

https://macrium.com

https://www.macrium.com/blog/macrium-security-advisory-cve-2025-53394-cve-2025-53395

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53394

Description

Affected Products

CVSS v3.1 Details

References