Local Privilege Escalation Issue in Acronis Cyber Protect Cloud Agent for Windows
CVE-2025-9578

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 28 August 2025

What is CVE-2025-9578?

Acronis Cyber Protect Cloud Agent for Windows is susceptible to a local privilege escalation vulnerability due to insecure folder permissions. This flaw could potentially allow an attacker to gain elevated access and execute malicious actions on affected systems. Users are encouraged to update to build 40734 or later to mitigate this vulnerability and secure their environments.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 40734

References

https://security-advisory.acronis.com/advisories/SEC-9107

vendor-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Aug 28, 2025

Credit

@wdormann (https://hackerone.com/wdormann)