Acronis Cyber Protect, Missing Authorization, CVE-2025-30416 (Critical)

Listen to this Post

CVE-2025-30416 is a critical vulnerability affecting Acronis Cyber Protect 15 and 16 on Linux and Windows platforms . It is classified under CWE-862, which indicates “Missing Authorization” . This means the software fails to perform the necessary authorization checks when an actor attempts to access a resource or perform an action . Consequently, an unauthenticated attacker can remotely exploit this flaw to access and manipulate sensitive data without requiring any privileges or user interaction . The CVSS v3.0 base score is a perfect 10.0 (Critical), with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H . This vector indicates the attack is network-based (AV:N), has low attack complexity (AC:L), requires no privileges (PR:N) and no user interaction (UI:N), has a changed scope (S:C), and results in high impact to confidentiality, integrity, and availability (C:H/I:H/A:H) . The vulnerability exists in Acronis Cyber Protect 16 before build 39938 and Acronis Cyber Protect 15 before build 41800 . While Acronis has released patches, the severity of the flaw makes it a prime target for attackers seeking to compromise backup and cybersecurity management data .
Platform: Acronis Cyber Protect
Version: Before 39938/41800
Vulnerability: Missing Authorization
Severity: Critical (CVSS 10.0)
Date: 20/02/2026

Prediction: Patched (June 2025)

What Undercode Say:

Analytics:

The vulnerability is associated with CWE-862 (Missing Authorization). It allows for network-based attacks with low complexity, requiring no privileges or user interaction. Its scope is changed, meaning the vulnerable component impacts resources beyond its security scope, leading to total loss of confidentiality, integrity, and availability. The EPSS score is currently low, but its high CVSS score significantly increases risk.

How Exploit:

  1. No public Proof of Concept (PoC) is currently available .
  2. Exploitation involves an unauthenticated attacker sending a specially crafted network request to an affected Acronis Cyber Protect installation.
  3. Due to the missing authorization check, the server processes the request, granting the attacker unauthorized access to sensitive data or the ability to modify it.
  4. The attacker could potentially use this to compromise backup data, security configurations, or use the access as a foothold for further network penetration .

Protection from this CVE:

  1. Update Acronis Cyber Protect 16 to build 39938 or later .
  2. Update Acronis Cyber Protect 15 to build 41800 or later .
  3. If immediate patching is not possible, restrict network access to the Acronis Cyber Protect management interfaces using firewalls and VPNs to limit exposure to trusted administrators only .
  4. Employ strict network segmentation to isolate backup servers from general user networks and the internet .
  5. Monitor logs and network traffic for unusual access patterns or unauthorized attempts to interact with Acronis services .

Impact:

Successful exploitation allows an unauthenticated, remote attacker to achieve high impact on confidentiality, integrity, and availability. This can lead to unauthorized disclosure of sensitive data, manipulation of backup data, and potential disruption of backup and recovery services, which can be leveraged for ransomware deployment or sabotage .

Bash/Commands:

Verify Acronis Cyber Protect 16 build on Linux:

sudo cyberprotect-svc --version | grep "Build"

Verify Acronis Cyber Protect 15 build on Windows (PowerShell):

Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\" | Where-Object {$_.DisplayName -like "Acronis Cyber Protect 15"} | Select-Object DisplayName, DisplayVersion

Update command (example, check vendor docs):

For Linux, typically using package manager
sudo apt-get update && sudo apt-get install --only-upgrade acronis-cyber-protect

Check if service is exposed (audit command):

Check if Acronis ports are listening on all interfaces
sudo netstat -tulpn | grep -E "(:9876|:9877)" Example ports

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top