Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-30408

6.7MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 24 April 2025

What is CVE-2025-30408?

Acronis Cyber Protect Cloud Agent for Windows is susceptible to a local privilege escalation vulnerability caused by insecure folder permissions. This flaw allows unauthorized users to gain elevated privileges, potentially leading to further exploitation within the system. Users are advised to upgrade to build 39904 or later to mitigate the risks associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 39904

References

https://security-advisory.acronis.com/advisories/SEC-8035

vendor-advisory

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Mar 21, 2025

Credit

@s3nds3c (https://hackerone.com/s3nds3c)