Weak TLS Encryption Vulnerability in Acronis Cyber Protect 16
CVE-2025-48960

5.9MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16
Vendor: CVE Published:; 4 June 2025

What is CVE-2025-48960?

Acronis Cyber Protect 16 is affected by a vulnerability that arises from the use of a weak server key for TLS encryption. This flaw can expose sensitive information and compromise the integrity of data transmitted over secure connections. Users running versions prior to build 39938 on Linux, macOS, and Windows platforms should be aware of this significant security issue and take appropriate actions to mitigate risk.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39938

References

https://security-advisory.acronis.com/advisories/SEC-6403

vendor-advisory

CVSS V3.0

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2025
Vulnerability Reserved
May 29, 2025