Linux Vulnerability (CVE-2025-30411)
CVE-2025-30411
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (...
Security Advisory: Critical Authentication Bypass in Acronis Cyber Protect
Overview
A critical security vulnerability has been identified in Acronis Cyber Protect software. This flaw stems from improper authentication, which could allow an unauthenticated attacker to bypass security controls. Successful exploitation may lead to the disclosure or manipulation of sensitive data protected by the application.
Affected Products
- Acronis Cyber Protect 16 for Linux and Windows (all versions before build 39938)
- Acronis Cyber Protect 15 for Linux and Windows (all versions before build 41800)
Severity: CRITICAL (CVSS Score: 10.0)
Vulnerability Details
In simple terms, this vulnerability is a severe authentication bypass. The affected Acronis Cyber Protect builds do not properly verify a user’s identity for certain actions. This failure allows an attacker to interact with the application’s functions without providing valid login credentials. Once this security gate is bypassed, the attacker gains unauthorized access to the system’s capabilities.
Potential Impact
If exploited, this vulnerability can have severe consequences:
- Sensitive Data Disclosure: An attacker could access, view, and exfiltrate backup data, configuration files, and other sensitive information managed by the Cyber Protect console.
- Data Manipulation or Destruction: An attacker could potentially delete, encrypt, or corrupt backup sets, compromising data integrity and recovery capabilities.
- System Compromise: This access could serve as an initial foothold for further attacks within the network, especially if the backup system has privileged access to other servers.
Remediation and Mitigation
Immediate action is required to protect your systems.
Primary Remediation (Recommended): Apply the vendor-provided updates without delay. Upgrade to a fixed build that addresses this vulnerability.
- For Acronis Cyber Protect 16, update to build 39938 or later.
- For Acronis Cyber Protect 15, update to build 41800 or later.
Mitigation Steps (If Immediate Patching is Not Possible):
- Restrict Network Access: Ensure the Acronis Cyber Protect management console is not accessible from the public internet. Use firewall rules to restrict access to the console’s ports (typically TCP 9876 and 9877) to only trusted, necessary administrative networks or IP addresses.
- Review Access Logs: Monitor authentication and access logs for any suspicious activity, particularly login attempts from unexpected sources or successful logins without corresponding user action.
- Verify Backups: Ensure your most recent backup sets are intact, stored securely, and are not accessible via the vulnerable interface. Test restoration procedures to confirm operational readiness.
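To check that the network restriction above is actually holding, the following added example (not Acronis tooling and not part of the original advisory) parses `ss -Htn` output from the console host and lists peers connected to TCP 9876 or 9877 from outside the administrative networks. The `ADMIN_NETS` ranges and the sample socket lines are constructed placeholders.

```python
import ipaddress

CONSOLE_PORTS = {9876, 9877}  # console ports named in the advisory
# Assumption: placeholder admin ranges; replace with your own trusted networks.
ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "2001:db8:ad::/64")]

# Constructed sample of `ss -Htn` output: State Recv-Q Send-Q Local Peer
SAMPLE = """\
ESTAB 0 0 10.20.0.5:9876 10.20.0.17:51544
ESTAB 0 0 10.20.0.5:9877 203.0.113.40:40112
ESTAB 0 0 10.20.0.5:22 198.51.100.9:60222
ESTAB 0 0 [2001:db8:ad::5]:9876 [2001:db8:ad::17]:49822
ESTAB 0 0 [::ffff:10.20.0.5]:9876 [::ffff:198.51.100.23]:50100
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    addr = ipaddress.ip_address(host)
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; compare them as IPv4.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr, int(port)


def unexpected_console_peers(ss_output):
    """Return (local_port, peer_ip) for console connections from non-admin peers."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            _, local_port = split_endpoint(fields[3])
            peer_addr, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # wildcard or unparsable endpoint
        if local_port in CONSOLE_PORTS and not any(peer_addr in n for n in ADMIN_NETS):
            findings.append((local_port, str(peer_addr)))
    return findings


if __name__ == "__main__":
    for port, peer in unexpected_console_peers(SAMPLE):
        print(f"console port {port}: connection from untrusted peer {peer}")
```

On a live host, pass the text captured from `ss -Htn` instead of `SAMPLE`; any finding means the firewall restriction is not in effect for that peer.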
All users of affected versions should treat this vulnerability as high-risk and prioritize upgrading to the patched builds.