CVE-2025-30411 | THREATINT

Description

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

PUBLISHED Reserved 2025-03-21 | Published 2026-02-20 | Updated 2026-02-20 | Assigner Acronis

CRITICAL: 10.0CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-1390

Product status

Default status

unaffected

Any version before 39938

affected

Default status

unaffected

Any version before 41800

affected

Credits

Airbus SecLab (mailto:vuln@airbus.com) finder

Quentin Liddell (mailto:vuln@airbus.com) finder

Mattéo Ricordeau (mailto:vuln@airbus.com) finder

Benoît Camredon (mailto:vuln@airbus.com) finder

References

security-advisory.acronis.com/advisories/SEC-8768 (SEC-8768) vendor-advisory

cve.org (CVE-2025-30411)

nvd.nist.gov (CVE-2025-30411)

Download JSON