Sensitive Information Disclosure in Acronis Cyber Protect Products
CVE-2025-11791

5.5MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 17; Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 5 March 2026

What is CVE-2025-11791?

A vulnerability has been identified in Acronis Cyber Protect and Acronis Cyber Protect Cloud Agent, where insufficient authorization checks could lead to sensitive information being disclosed or manipulated. This affects various operating systems including Linux, macOS, and Windows for specific product versions prior to their respective builds. Users should be aware of the potential risks this vulnerability poses and should apply the necessary patches or updates to mitigate these issues.

Affected Version(s)

Acronis Cyber Protect 17 Linux < 41186

Acronis Cyber Protect Cloud Agent Linux < 41124

References

https://security-advisory.acronis.com/advisories/SEC-9405

vendor-advisory

CVSS V3.0

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Oct 15, 2025

CVE-2025-11791 Data

JSON