Local Privilege Escalation Vulnerability in Acronis Cyber Protect 16
CVE-2025-48961

7.3HIGH

Key Information:

Vendor

Acronis
Status
Acronis Cyber Protect 16
Vendor
CVE Published:
4 June 2025

What is CVE-2025-48961?

A vulnerability exists in Acronis Cyber Protect 16 that allows local privilege escalation due to insecure folder permissions. Attackers may exploit this weakness to gain elevated privileges, potentially compromising sensitive data and system integrity. It is crucial for users to update to build 39938 or later to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39938

References

https://security-advisory.acronis.com/advisories/SEC-8000
vendor-advisory

CVSS V3.0

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@s3nds3c (https://hackerone.com/s3nds3c)
JSON
.
CVE-2025-48961 : Local Privilege Escalation Vulnerability in Acronis Cyber Protect 16