Advisory

Critical security vulnerabilities discovered in Acronis Cyber Protect software

Take action: This is important. Your Acronis Cyber Protect is critically vulnerable, with three flaws rated at maximum severity. Update to the latest version IMMEDIATELY. If you can't update right away, restrict network access to your Acronis installations and monitor them closely for any suspicious activity.


Learn More

Acronis has addressed multiple critical security vulnerabilities in its comprehensive virus protection and backup software, Acronis Cyber Protect. These vulnerabilities enable attackers to access and manipulate confidential data or escalate their privileges on the system. Three of the vulnerabilities carry the maximum CVSS score of 10.0 out of 10.

Vulnerabilities summary

  • CVE-2025-30411 (CVSS score 10.0) - Sensitive data disclosure and manipulation due to insufficient authentication affecting Acronis Cyber Protect 16 for Linux and Windows before build number 39938
  • CVE-2025-30416 (CVSS score 10.0) - Unauthorized access and data manipulation caused by missing authorization affecting the same systems
  • CVE-2025-30412 (CVSS score 10.0) - Another insufficient authentication vulnerability enabling similar attack vectors
  • CVE-2025-30410 (CVSS score 9.8) - Authentication bypass affecting Acronis Cyber Protect Cloud Agent for Linux, macOS, and Windows before build 39870
  • CVE-2025-48961 (CVSS score 7.3) - Privilege escalation due to insecure folder permissions in Acronis Cyber Protect 16 for Windows
  • CVE-2025-48960 (CVSS score 5.9) - Weak server key usage for TLS encryption on multiple platforms
  • CVE-2025-48962 (CVSS score 4.3) - Server-side request forgery (SSRF) vulnerability enabling information theft on macOS systems

The vulnerabilities impact multiple versions of Acronis software, including Acronis Cyber Protect 16 for Linux and Windows before build number 39938, and Acronis Cyber Protect Cloud Agent for Linux, macOS, and Windows before build 39870. 

Updates have been available for approximately one month in the form of Acronis Cyber Protect 16 Update 4 for Linux, macOS, and Windows, and Acronis Cyber Protect Cloud Agent Update C25.03 Hotfix 2.

The company strongly urges all users of Acronis software to install these updates immediately to minimize their attack surface and protect against potential exploitation.

Organizations that cannot immediately upgrade should implement strict network access controls and monitor their Acronis installations closely for any signs of unauthorized access. 
