CVE-2025-30410 | THREATINT

Description

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.

PUBLISHED Reserved 2025-03-21 | Published 2026-02-20 | Updated 2026-02-26 | Assigner Acronis

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306

Product status

Default status

unaffected

Any version before 39870

affected

Default status

unaffected

Any version before 39938

affected

Default status

unaffected

Any version before 41800

affected

Credits

Airbus SecLab (mailto:vuln@airbus.com) finder

Quentin Liddell (mailto:vuln@airbus.com) finder

Mattéo Ricordeau (mailto:vuln@airbus.com) finder

Benoît Camredon (mailto:vuln@airbus.com) finder

References

security-advisory.acronis.com/advisories/SEC-8641 (SEC-8641) vendor-advisory

cve.org (CVE-2025-30410)

nvd.nist.gov (CVE-2025-30410)

Download JSON