CVE-2020-8289

HIGH

Backblaze <7.0.1.433-7.0.1.434 - RCE


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-8289. PoCs published by geffner, X1cT34m.

AI-analyzed exploit summary

This repository contains a functional proof-of-concept exploit for CVE-2020-8289, demonstrating remote code execution (RCE) as SYSTEM/root via Backblaze's update mechanism. The exploit leverages SSL certificate validation bypass and file validation flaws to execute arbitrary code.

Description

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in the `bztransmit` helper: a hardcoded whitelist of URL substrings disables certificate validation for matching URLs, leading to possible remote code execution via the client update functionality.

Exploits (2)

nomisec · WORKING POC · 11 stars
by geffner · poc
https://github.com/geffner/CVE-2020-8289

This repository contains a functional proof-of-concept exploit for CVE-2020-8289, demonstrating remote code execution (RCE) as SYSTEM/root via Backblaze's update mechanism. The exploit leverages SSL certificate validation bypass and file validation flaws to execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Backblaze for Windows and macOS (versions prior to 7.0.1.433 and 7.1.0.434)
Authentication: No auth needed
Prerequisites: DNS spoofing or hosts file modification to redirect Backblaze update traffic to attacker-controlled server · Self-signed SSL certificate for the attacker's server
devstral-2 · analyzed Feb 18, 2026
github · WORKING POC · 4 stars
by X1cT34m · cpoc
https://github.com/X1cT34m/CVE-and-PoC/tree/main/2020/CVE-2020-8289

This repository contains a functional proof-of-concept exploit for CVE-2020-8289, demonstrating remote code execution (RCE) as SYSTEM/root via Backblaze's update mechanism. The exploit leverages SSL certificate validation bypass and a weak file validation check to execute arbitrary code.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Backblaze for Windows and macOS (versions prior to 7.0.1.433 and 7.1.0.434)
Authentication: No auth needed
Prerequisites: DNS spoofing or hosts file modification to redirect Backblaze update traffic to attacker-controlled server · Self-signed SSL certificate for the attacker's server
devstral-2 · analyzed Feb 27, 2026

References (6)

Permissions Required (x_refsource_misc)
https://hackerone.com/reports/818853

Exploit, Third Party Advisory (x_refsource_misc)
https://youtu.be/W0THXbcX5V8

Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2020/Dec/57

Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2020/Dec/58

Scores

CVSS v3: 7.8
EPSS: 0.2054
EPSS Percentile: 95.7%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-295
Status: published
Products (2):
backblaze/backblaze < 7.0.1.433
backblaze/backblaze < 7.0.1.434
Published: Dec 27, 2020
Tracked Since: Feb 18, 2026