CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30407
https://notcve.org/view.php?id=CVE-2025-30407
26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-24832
https://notcve.org/view.php?id=CVE-2025-24832
27 Feb 2025 — Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615. • https://security-advisory.acronis.com/advisories/SEC-7649 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24828
https://notcve.org/view.php?id=CVE-2025-24828
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. • https://security-advisory.acronis.com/advisories/SEC-7842 • CWE-426: Untrusted Search Path •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24827
https://notcve.org/view.php?id=CVE-2025-24827
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. • https://security-advisory.acronis.com/advisories/SEC-7841 • CWE-426: Untrusted Search Path •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24829
https://notcve.org/view.php?id=CVE-2025-24829
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. • https://security-advisory.acronis.com/advisories/SEC-7839 • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24830
https://notcve.org/view.php?id=CVE-2025-24830
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. • https://security-advisory.acronis.com/advisories/SEC-7829 • CWE-426: Untrusted Search Path •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24831
https://notcve.org/view.php?id=CVE-2025-24831
31 Jan 2025 — Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. • https://security-advisory.acronis.com/advisories/SEC-6153 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24826
https://notcve.org/view.php?id=CVE-2025-24826
28 Jan 2025 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. • https://security-advisory.acronis.com/advisories/SEC-6436 • CWE-276: Incorrect Default Permissions •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55541
https://notcve.org/view.php?id=CVE-2024-55541
02 Jan 2025 — Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-3647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55542
https://notcve.org/view.php?id=CVE-2024-55542
02 Jan 2025 — Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. • https://security-advisory.acronis.com/advisories/SEC-5342 • CWE-266: Incorrect Privilege Assignment •