Arbitrary File Overwrite in Acronis Backup Plugin and Extension
CVE-2025-24832

4.4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Backup Plugin For Cpanel & Whm; Acronis Backup Extension For Plesk
Vendor: CVE Published:; 27 February 2025

What is CVE-2025-24832?

This vulnerability allows for arbitrary file overwriting during home directory recovery processes due to inadequate handling of symbolic links within the Acronis Backup plugin for cPanel & WHM and the Acronis Backup extension for Plesk. This can lead to unauthorized access and potential data compromise if exploited. Users of the affected products should ensure they are running the latest builds to mitigate any risks associated with this security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Acronis Backup extension for Plesk Linux < 1.8.7.615

Acronis Backup plugin for cPanel & WHM Linux < 1.8.4.866

Acronis Backup plugin for cPanel & WHM Linux < 1.9.1.892

References

https://security-advisory.acronis.com/advisories/SEC-7649

vendor-advisory

CVSS V3.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025

JSON

Acronis

What is CVE-2025-24832?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.