Local Privilege Escalation in Acronis Snap Deploy for Windows
CVE-2025-24826

Currently unrated

Key Information:

Vendor: Acronis
Status: Acronis Snap Deploy
Vendor: CVE Published:; 28 January 2025

Summary

A vulnerability exists in Acronis Snap Deploy for Windows due to improper folder permissions, which could allow a local attacker to escalate privileges. This vulnerability impacts versions prior to build 4625. Users are encouraged to apply the recommended updates to safeguard their systems against potential exploitation.

Affected Version(s)

Acronis Snap Deploy Windows < 4625

References

https://security-advisory.acronis.com/advisories/SEC-6436

vendor-advisory

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 24, 2025

Credit

@wdormann (https://hackerone.com/wdormann)