CVE-2025-7779 | THREATINT

Description

Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197.

PUBLISHED Reserved 2025-07-17 | Published 2025-09-30 | Updated 2025-10-01 | Assigner Acronis

HIGH: 8.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-269

Product status

Default status

unaffected

Any version before 42389

affected

Default status

unaffected

Any version before 42198

affected

Default status

unaffected

Any version before 42197

affected

Credits

@nullevent (https://hackerone.com/nullevent) finder

Carlos Garrido (https://pentraze.com/vulnerability-reports) finder

Pentraze Cyber Security (https://pentraze.com/vulnerability-reports) finder

References

security-advisory.acronis.com/advisories/SEC-8193 (SEC-8193) vendor-advisory

cve.org (CVE-2025-7779)

nvd.nist.gov (CVE-2025-7779)

Download JSON