CVE-2025-30413
Medium
Low
Medium
High
Critical
4.4
CVSS Score
Vulnerability Description
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
L
Attack Complexity
L
Privileges Required
H
User Interaction
N
Scope
U
Confidentiality
H
Integrity
N
Availability
N
Known Affected Software
2 configuration(s) from 1 vendor(s)
cyber_protect
Version:
16
CPE:
cpe:2.3:a:acronis:cyber_protect:16:update3:*:*:*:*:*:*
cyber_protect
Version:
15
CPE:
cpe:2.3:a:acronis:cyber_protect:15:update6:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
Severity Details
4.4
out of 10.0
Medium
Weakness Type (CWE)
CWE-732
Incorrect Permission Assignment for Critical Resource
- Description
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- March 06, 2026
