Search criteria
2 vulnerabilities found for Carbonite Safe Server Backup by OpenText™
CVE-2025-9120 (GCVE-0-2025-9120)
Vulnerability from nvd – Published: 2026-02-24 00:03 – Updated: 2026-02-24 16:35
VLAI?
Title
RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection.
The vulnerability could be exploited through an open port, potentially allowing unauthorized access.
This issue affects Carbonite Safe Server Backup: through 6.8.3.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Carbonite Safe Server Backup |
Affected:
0 , ≤ 6.8.3
(custom)
|
Credits
Harrison Neal
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T16:34:47.026099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T16:35:24.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Carbonite Safe Server Backup",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "6.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harrison Neal"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Carbonite Safe Server Backup: through 6.8.3.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u00a0\n\nThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\n\nThis issue affects Carbonite Safe Server Backup: through 6.8.3."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T00:03:08.646Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\"\u003ehttps://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RCE vulnerability has been discovered in OpenText\u2122 Carbonite Safe Server Backup.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-9120",
"datePublished": "2026-02-24T00:03:08.646Z",
"dateReserved": "2025-08-18T18:06:33.953Z",
"dateUpdated": "2026-02-24T16:35:24.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9120 (GCVE-0-2025-9120)
Vulnerability from cvelistv5 – Published: 2026-02-24 00:03 – Updated: 2026-02-24 16:35
VLAI?
Title
RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection.
The vulnerability could be exploited through an open port, potentially allowing unauthorized access.
This issue affects Carbonite Safe Server Backup: through 6.8.3.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Carbonite Safe Server Backup |
Affected:
0 , ≤ 6.8.3
(custom)
|
Credits
Harrison Neal
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T16:34:47.026099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T16:35:24.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Carbonite Safe Server Backup",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "6.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harrison Neal"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Carbonite Safe Server Backup: through 6.8.3.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u00a0\n\nThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\n\nThis issue affects Carbonite Safe Server Backup: through 6.8.3."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T00:03:08.646Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\"\u003ehttps://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RCE vulnerability has been discovered in OpenText\u2122 Carbonite Safe Server Backup.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-9120",
"datePublished": "2026-02-24T00:03:08.646Z",
"dateReserved": "2025-08-18T18:06:33.953Z",
"dateUpdated": "2026-02-24T16:35:24.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}