CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48962
https://notcve.org/view.php?id=CVE-2025-48962
04 Jun 2025 — Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. • https://security-advisory.acronis.com/advisories/SEC-8514 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48961
https://notcve.org/view.php?id=CVE-2025-48961
04 Jun 2025 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. • https://security-advisory.acronis.com/advisories/SEC-8000 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48960
https://notcve.org/view.php?id=CVE-2025-48960
04 Jun 2025 — Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. • https://security-advisory.acronis.com/advisories/SEC-6403 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30408
https://notcve.org/view.php?id=CVE-2025-30408
24 Apr 2025 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904. Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938. • https://security-advisory.acronis.com/advisories/SEC-8035 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55541
https://notcve.org/view.php?id=CVE-2024-55541
02 Jan 2025 — Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-3647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55542
https://notcve.org/view.php?id=CVE-2024-55542
02 Jan 2025 — Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. • https://security-advisory.acronis.com/advisories/SEC-5342 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56414
https://notcve.org/view.php?id=CVE-2024-56414
02 Jan 2025 — Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-1911 • CWE-328: Use of Weak Hash •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56413
https://notcve.org/view.php?id=CVE-2024-56413
02 Jan 2025 — Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-7612 • CWE-613: Insufficient Session Expiration •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55540
https://notcve.org/view.php?id=CVE-2024-55540
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-2245 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55543
https://notcve.org/view.php?id=CVE-2024-55543
02 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-6418 • CWE-427: Uncontrolled Search Path Element •