Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-24829

6.3MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 31 January 2025

Summary

A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to DLL hijacking. When exploited, this vulnerability allows an attacker with local access to gain elevated privileges, potentially compromising the system's security and integrity. Users are advised to update to build 39378 or later to mitigate this risk. For further details, refer to the vendor advisory linked here: SEC-7839.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 39378

References

https://security-advisory.acronis.com/advisories/SEC-7839

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 24, 2025

Credit

@cyberexplorer (https://hackerone.com/cyberexplorer)