CVE-2025-9120

Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8.3.

CVSS

No CVSS.

References

Link	Resource
https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de control inadecuado de la generación de código ('Inyección de código') en OpenText™ Carbonite Safe Server Backup permite la inyección de código. La vulnerabilidad podría ser explotada a través de un puerto abierto, lo que podría permitir el acceso no autorizado. Este problema afecta a Carbonite Safe Server Backup: hasta la versión 6.8.3.

24 Feb 2026, 01:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-24 01:16

Updated : 2026-06-17 10:08

NVD link : CVE-2025-9120

Mitre link : CVE-2025-9120

CVE.ORG link : CVE-2025-9120

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-9120", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-9120", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T16:34:47.026099Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "security@opentext.com", "affectedData": [{"vendor": "OpenText\u2122", "product": "Carbonite Safe Server Backup", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.8.3"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-24T01:16:12.077", "references": [{"url": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025", "source": "security@opentext.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u00a0\n\nThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\n\nThis issue affects Carbonite Safe Server Backup: through 6.8.3."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo ('Inyecci\u00f3n de c\u00f3digo') en OpenText\u2122 Carbonite Safe Server Backup permite la inyecci\u00f3n de c\u00f3digo.\n\nLa vulnerabilidad podr\u00eda ser explotada a trav\u00e9s de un puerto abierto, lo que podr\u00eda permitir el acceso no autorizado.\n\nEste problema afecta a Carbonite Safe Server Backup: hasta la versi\u00f3n 6.8.3."}], "lastModified": "2026-06-17T10:08:21.793", "sourceIdentifier": "security@opentext.com"}