Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-30407

6.3MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-30407?

Acronis Cyber Protect Cloud Agent for Windows is vulnerable to a local privilege escalation caused by binary hijacking. This flaw allows attackers to gain elevated privileges on the affected system, compromising its security. Users of the software should ensure they update to build 39713 or later to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 39713

References

https://security-advisory.acronis.com/advisories/SEC-8414

vendor-advisory

CVSS V3.0

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Mar 21, 2025