Linux Vulnerability (CVE-2025-30416)
CVE-2025-30416
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Li...
Overview
A critical security vulnerability has been identified in Acronis Cyber Protect software that could allow an unauthenticated attacker to access and manipulate sensitive data. This flaw is due to a missing authorization check in the software’s web interface.
Vulnerability Details
In simple terms, the affected Acronis software versions do not properly verify a user's identity and permissions for certain functions. This oversight leaves an unguarded path through which an attacker, without needing a valid username or password, can directly interact with the management interface. Once connected, they can perform actions that should be restricted to authorized administrators only.
Affected Products
- Acronis Cyber Protect 16 (Linux and Windows versions) - all builds prior to build 39938
- Acronis Cyber Protect 15 (Linux and Windows versions) - all builds prior to build 41800
Potential Impact
The impact of this vulnerability is severe. A successful exploit could lead to:
- Data Disclosure: An attacker could access, view, and exfiltrate sensitive backup data, system information, and configuration details.
- Data Manipulation: An attacker could modify or delete existing backup data, potentially rendering recovery points useless.
- System Compromise: By manipulating configurations or backup jobs, an attacker could disrupt operations or create a foothold for further attacks on the network.
Given that the vulnerability requires no authentication and can lead to full loss of confidentiality and integrity, it has received the maximum CVSS score of 10.0 (CRITICAL).
Remediation and Mitigation
Immediate action is required for all affected installations.
Primary Remediation: The only complete solution is to update your Acronis Cyber Protect software to a patched version.
- For Acronis Cyber Protect 16, update to build 39938 or later.
- For Acronis Cyber Protect 15, update to build 41800 or later.
Mitigation Steps (If Immediate Patching is Not Possible):
- Restrict Network Access: Ensure the management interface of the Acronis server is not accessible from the public internet. Use firewall rules to restrict access to the necessary administrative IP addresses only.
- Monitor for Anomalies: Closely monitor the Acronis application logs for any unusual access attempts or configuration changes from unexpected sources.
- Verify Backups: Ensure you have recent, verified backups stored in a secure, offline location that is not accessible from the vulnerable system.
You should apply the official updates from Acronis as soon as possible during a maintenance window to fully eliminate this risk.
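To find installations that still need the update described above, the following added example (not code from Acronis or from this advisory's author) triages an inventory export against the fixed builds listed here. The CSV column layout, host names and sample rows are constructed assumptions; only the build thresholds 39938 and 41800 come from the advisory.

```python
import csv
import io

# First fixed build per major version, as stated in this advisory.
FIXED_BUILD = {16: 39938, 15: 41800}

# Constructed inventory export (assumed columns: host, major, build).
SAMPLE_INVENTORY = """host,major,build
bkp-01,16,39938
bkp-02,16,39937
bkp-03,15,41799
bkp-04,15,41800
bkp-05,12,
bkp-06,16,unknown
"""


def classify(major, build):
    """Return 'vulnerable', 'patched' or 'review' for one installation."""
    try:
        fixed = FIXED_BUILD.get(int(major))
    except (TypeError, ValueError):
        return "review"
    if fixed is None:
        # The advisory names only versions 15 and 16; other versions are
        # not assumed safe, they are flagged for a manual check.
        return "review"
    try:
        build_number = int(build)
    except (TypeError, ValueError):
        return "review"  # missing or unparsable build: cannot decide
    return "patched" if build_number >= fixed else "vulnerable"


def triage(inventory_csv):
    """Group host names by status, preserving inventory order."""
    results = {"vulnerable": [], "patched": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        results[classify(row.get("major"), row.get("build"))].append(row["host"])
    return results


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" group have a version the advisory does not list or a build that could not be read, so they need a manual check rather than being treated as patched.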