Sensitive Data Disclosure and Manipulation in Acronis Cyber Protect by Acronis
CVE-2025-30412

10CRITICAL

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16; Acronis Cyber Protect 15
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-30412?

A significant vulnerability exists in Acronis Cyber Protect versions 16 and 15 prior to specified Builds, where insufficient authentication measures permit unauthorized users to access and manipulate sensitive data. This flaw could lead to data disclosure, posing serious risks to the integrity and confidentiality of user information. It is crucial for users and administrators to apply the relevant updates to safeguard their systems against potential exploitation.

Affected Version(s)

Acronis Cyber Protect 15 Linux < 41800

Acronis Cyber Protect 16 Linux < 39938

References

https://security-advisory.acronis.com/advisories/SEC-8598

vendor-advisory

CVSS V3.0

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Mar 21, 2025

Credit

Airbus SecLab (mailto:vuln@airbus.com)

Quentin Liddell (mailto:vuln@airbus.com)

Mattéo Ricordeau (mailto:vuln@airbus.com)

Benoît Camredon (mailto:vuln@airbus.com)

CVE-2025-30412 Data

JSON