Sensitive Information Disclosure in Acronis Cyber Protect by Acronis
CVE-2025-48962

4.3MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16
Vendor: CVE Published:; 4 June 2025

What is CVE-2025-48962?

Acronis Cyber Protect 16 prior to build 39938 is susceptible to sensitive information disclosure due to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw could allow an attacker to manipulate server-side requests, potentially exposing sensitive data. Users are advised to update to the latest build to mitigate this risk.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39938

References

https://security-advisory.acronis.com/advisories/SEC-8514

vendor-advisory

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2025
Vulnerability Reserved
May 29, 2025

Credit

@vultza (https://hackerone.com/vultza)