Security Bulletin for Carbonite Safe Server Backup 09-12-2025

OpenText Information reimagined

Security alert

RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.

Systems affected:

Carbonite Safe Server Backup.

Affected version:

Carbonite Safe Server Backup version 6.8.3 and prior.

CVE reference: CVE-2025-9120

CVSS v4.0 score: 7.2

Impact:

The vulnerability could be exploited through an open port, potentially allowing unauthorized access.

Solution:

Upgrade Carbonite Safe Server Backup to version 6.8.4 or higher.

More information

For more information, contact us through the My Support Portal.

Was this article helpful?

Yes

Tell us about yourself

What is the main reason for your visit today?

Did you find what you were looking for?

What is your comfort level with computers?

How often do you visit the Carbonite Support site?

How satisfied are you with...

The layout of the site and articles?

Very Satisfied Satisfied Neutral Dissatisfied Very Dissatisfied

The ease of finding information?

Very Satisfied Satisfied Neutral Dissatisfied Very Dissatisfied

The overall support site?

Very Satisfied Satisfied Neutral Dissatisfied Very Dissatisfied

How likely are you to self-serve in the future?

Very Likely Somewhat Likely Not Sure Somewhat Unlikely Very Unlikely

Restore: The act of downloading your backed up files from our servers to your computer.
Back up: The act of uploading a copy of your files to our servers for safekeeping.
Backup: This is the copy of files that you've backed up to our servers.
InfoCenter: This is the Carbonite user interface on the Windows version of the product.
Carbonite Backup Drive (CBUD): this is your interface into what's in your backup and how you can restore files or remove files from your backup.
Dots: We place colored status dots on your files in order for you to quickly see what's backed up.
Frozen for safekeeping (freeze backup / frozen mode) : This is a state that you can place Carbonite in to let you safely restore your backup. While in this state, no files or changes will be backed up to our servers.