Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-30408

6.7MEDIUM

Key Information:

Vendor

Acronis
Status
Acronis Cyber Protect Cloud Agent
Acronis Cyber Protect 16
Vendor
CVE Published:
24 April 2025

What is CVE-2025-30408?

Acronis Cyber Protect Cloud Agent for Windows is susceptible to a local privilege escalation vulnerability caused by insecure folder permissions. This flaw allows unauthorized users to gain elevated privileges, potentially leading to further exploitation within the system. Users are advised to upgrade to build 39904 or later to mitigate the risks associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39938

Acronis Cyber Protect Cloud Agent Windows < 39904

References

https://security-advisory.acronis.com/advisories/SEC-8035
vendor-advisory

CVSS V3.0

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@s3nds3c (https://hackerone.com/s3nds3c)
JSON
.
CVE-2025-30408 : Local Privilege Escalation in Acronis Cyber Protect Cloud Agent for Windows