Arbitrary File Overwrite in Acronis Backup Plugin and Extension
CVE-2025-24832

4.4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Backup Plugin For Cpanel & Whm; Acronis Backup Extension For Plesk
Vendor: CVE Published:; 27 February 2025

Summary

This vulnerability allows for arbitrary file overwriting during home directory recovery processes due to inadequate handling of symbolic links within the Acronis Backup plugin for cPanel & WHM and the Acronis Backup extension for Plesk. This can lead to unauthorized access and potential data compromise if exploited. Users of the affected products should ensure they are running the latest builds to mitigate any risks associated with this security flaw.

Affected Version(s)

Acronis Backup extension for Plesk Linux < 1.8.7.615

Acronis Backup plugin for cPanel & WHM Linux < 1.8.4.866

Acronis Backup plugin for cPanel & WHM Linux < 1.9.1.892

References

https://security-advisory.acronis.com/advisories/SEC-7649

vendor-advisory

CVSS V3.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025