Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-24831

6.6MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 31 January 2025

Summary

A local privilege escalation vulnerability exists in the Acronis Cyber Protect Cloud Agent for Windows due to an unquoted search path issue. This flaw allows an attacker with local access to manipulate the environment in such a way that they may execute malicious commands with elevated privileges. Users are advised to update to build 39378 or later to mitigate the risk associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 39378

References

https://security-advisory.acronis.com/advisories/SEC-6153

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 24, 2025