Arbitrary File Overwrite in Acronis Backup Plugin and Extension
CVE-2025-24832

4.4 MEDIUM


Summary

This vulnerability allows for arbitrary file overwriting during home directory recovery processes due to inadequate handling of symbolic links within the Acronis Backup plugin for cPanel & WHM and the Acronis Backup extension for Plesk. This can lead to unauthorized access and potential data compromise if exploited. Users of the affected products should ensure they are running the latest builds to mitigate any risks associated with this security flaw.
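The general mitigation for this bug class, as an added example (not Acronis code, and not taken from the advisory): a restore routine that walks the target path one component at a time with O_NOFOLLOW, so a symbolic link inside the home directory cannot redirect the write. The helper name `safe_restore` and the sample paths are hypothetical; it assumes Linux with `dir_fd` support.

```python
import os

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def safe_restore(home, rel_path, data):
    """Restore one backed-up file under `home` without following symlinks.

    Hypothetical helper: each path component is opened relative to the
    previous directory descriptor with O_NOFOLLOW, so a symlink found in
    the home directory cannot redirect the write elsewhere.
    """
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("unsafe path in backup entry: %r" % rel_path)
    dfd = os.open(home, DIR_FLAGS)
    try:
        for name in parts[:-1]:
            try:
                os.mkdir(name, 0o700, dir_fd=dfd)
            except FileExistsError:
                pass
            # Raises OSError if `name` is a symlink or not a directory.
            nxt = os.open(name, DIR_FLAGS, dir_fd=dfd)
            os.close(dfd)
            dfd = nxt
        # Write to a fresh temp file, then rename over the target: rename
        # replaces a symlink at the final component instead of following it.
        tmp = ".restore-%d.tmp" % os.getpid()
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dfd)
        try:
            with os.fdopen(fd, "wb") as out:
                out.write(data)
            os.rename(tmp, parts[-1], src_dir_fd=dfd, dst_dir_fd=dfd)
        except Exception:
            os.unlink(tmp, dir_fd=dfd)
            raise
    finally:
        os.close(dfd)

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                      # constructed sandbox
    home = os.path.join(root, "home"); os.mkdir(home)
    protected = os.path.join(root, "protected.conf")
    with open(protected, "w") as f:
        f.write("original")
    os.symlink(protected, os.path.join(home, "notes.txt"))
    safe_restore(home, "notes.txt", b"restored")
    print(open(protected).read())                  # file outside home is untouched
```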

Affected Version(s)

Acronis Backup extension for Plesk Linux < 1.8.7.615

Acronis Backup plugin for cPanel & WHM Linux < 1.8.4.866

Acronis Backup plugin for cPanel & WHM Linux < 1.9.1.892


CVSS V3.0

Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
