CVE-2025-63680
HIGHNero BackItUp < 2025 - Arbitrary Code Execution via Path Parsing and ShellExecuteW Fallback
Title source: llmDescription
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a same-basename script, Nero BackItUp renders the file as a folder icon and then invokes ShellExecuteW, which executes the script via PATHEXT fallback (.COM/.EXE/.BAT/.CMD). The issue affects recent Nero BackItUp product lines (2019-2025 and earlier) and has been acknowledged by the vendor.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/PotatoHamm/Nero-Productline-Vulnerability
Scores
CVSS v3
8.6
EPSS
0.0026
EPSS Percentile
17.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
nero/backitup
< 2025
Published
Nov 14, 2025
Tracked Since
Feb 18, 2026