VYPR

Reflect

by Macrium

CVEs (5)

  • CVE-2024-55511HigJan 16, 2025
    risk 0.51cvss 7.8epss 0.00

    A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable.

  • CVE-2023-43896HigOct 10, 2023
    risk 0.51cvss 7.8epss 0.00

    A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

  • CVE-2020-10143HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.01

    Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can…

  • CVE-2025-53395HigAug 4, 2025
    risk 0.50cvss 7.7epss 0.00

    Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by…

  • CVE-2025-53394HigAug 4, 2025
    risk 0.50cvss 7.7epss 0.00

    Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted…