Critical (10.0)

Linux Vulnerability (CVE-2025-30412)

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (...

Affected: Windows, Linux

Overview

A critical security vulnerability has been identified in specific versions of Acronis Cyber Protect software. This flaw, due to improper authentication, could allow a remote attacker to bypass security controls and gain unauthorized access to sensitive data and system functions.

Vulnerability Explanation

In simple terms, the software contains a weakness in its login or access verification process. This weakness allows an attacker to interact with the software’s management interface without providing valid credentials. Once this access is achieved, the attacker can perform actions as if they were a legitimate, authorized administrator.

Affected Products and Impact

This vulnerability is present in:

  • Acronis Cyber Protect 16 (for Linux and Windows) for all builds prior to 39938.
  • Acronis Cyber Protect 15 (for Linux and Windows) for all builds prior to 41800.

The impact is severe. An attacker exploiting this flaw could:

  • Disclose sensitive data: Access, exfiltrate, or view protected backup data, configuration files, and system information.
  • Manipulate systems: Delete, alter, or corrupt backup archives, potentially making recovery impossible.
  • Disrupt operations: Halt backup services or reconfigure protection policies, leading to data loss and operational downtime.

Remediation and Mitigation

Immediate action is required to secure affected systems.

Primary Remediation (Recommended): Apply the vendor-provided update immediately.

  • For Acronis Cyber Protect 16, update to build 39938 or later.
  • For Acronis Cyber Protect 15, update to build 41800 or later.

These updated builds contain the necessary fixes to properly enforce authentication.

Temporary Mitigation (If Immediate Patching is Not Possible):

  1. Restrict Network Access: Ensure the management interface for Acronis Cyber Protect is not directly accessible from the internet. Use firewall rules to restrict access to the necessary ports (typically TCP 9877 and 443) only from trusted administrative networks or specific IP addresses.
  2. Monitor for Unauthorized Activity: Closely review application and system logs for any unusual login attempts or configuration changes originating from unexpected sources.
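As an added example (not part of the original advisory and not Acronis code), the following script applies the fixed-build thresholds and the management-port restriction above to a host inventory, so that unpatched hosts with exposed management ports are prioritized. The inventory format, host names, sample build numbers, firewall rule tuples and the trusted network 10.20.0.0/24 are all constructed assumptions.

```python
import ipaddress

# Fixed builds per major version and typical management ports, from the advisory.
FIXED_BUILD = {16: 39938, 15: 41800}
MGMT_PORTS = {9877, 443}

def exposed_rules(allow_rules, trusted_nets):
    """Return allow rules that open a management port to a source
    not fully contained in any trusted administrative network."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    exposed = []
    for src, port in allow_rules:
        if port not in MGMT_PORTS:
            continue
        net = ipaddress.ip_network(src)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            exposed.append((src, port))
    return exposed

def triage(host, trusted_nets):
    """Classify one inventory record against the advisory."""
    fixed = FIXED_BUILD.get(host["major"])
    if fixed is None:
        return "unknown-version"      # not covered by the thresholds above
    if host["build"] >= fixed:
        return "patched"
    if exposed_rules(host["allow"], trusted_nets):
        return "vulnerable-exposed"   # unpatched and reachable: patch first
    return "vulnerable-restricted"    # mitigated, still needs the update

# Constructed sample data: host names, builds, rules and networks are made up.
TRUSTED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "bkp-01", "major": 16, "build": 39938, "allow": [("0.0.0.0/0", 443)]},
    {"name": "bkp-02", "major": 16, "build": 39900, "allow": [("0.0.0.0/0", 9877)]},
    {"name": "bkp-03", "major": 15, "build": 41799,
     "allow": [("10.20.0.0/25", 443), ("10.20.0.7/32", 9877)]},
    {"name": "bkp-04", "major": 15, "build": 41800, "allow": []},
]

def report(inventory=INVENTORY, trusted=TRUSTED):
    """Map each host name to its triage status."""
    return {h["name"]: triage(h, trusted) for h in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```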

All users of the affected versions should treat this vulnerability as a high-priority risk and plan for remediation at the earliest opportunity.
