Sensitive Information Disclosure in Acronis Cyber Protect by Acronis
CVE-2025-48962

4.3MEDIUM

Key Information:

Vendor

Acronis
Status
Acronis Cyber Protect 16
Vendor
CVE Published:
4 June 2025

What is CVE-2025-48962?

Acronis Cyber Protect 16 prior to build 39938 is susceptible to sensitive information disclosure due to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw could allow an attacker to manipulate server-side requests, potentially exposing sensitive data. Users are advised to update to the latest build to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39938

References

https://security-advisory.acronis.com/advisories/SEC-8514
vendor-advisory

CVSS V3.0

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@vultza (https://hackerone.com/vultza)
JSON
.
CVE-2025-48962 : Sensitive Information Disclosure in Acronis Cyber Protect by Acronis