CVE-2025-30410

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows attackers to access and manipulate sensitive data without authentication in Acronis Cyber Protect products. It affects Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 15/16 across Linux, macOS, and Windows platforms. Organizations using these products are at risk of data breaches and unauthorized system modifications.

💻 Affected Systems

Products:
  • Acronis Cyber Protect Cloud Agent
  • Acronis Cyber Protect 16
  • Acronis Cyber Protect 15
Versions: Acronis Cyber Protect Cloud Agent before build 39870, Acronis Cyber Protect 16 before build 39938, Acronis Cyber Protect 15 before build 41800
Operating Systems: Linux, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configuration are vulnerable. The vulnerability exists in the agent/management interfaces.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of protected data including backups, system configurations, and credentials leading to data theft, ransomware deployment, or system destruction.

🟠 Likely Case

Unauthorized access to sensitive backup data, configuration files, and potential privilege escalation within the Acronis ecosystem.

🟢 If Mitigated

Limited impact if network segmentation prevents access to vulnerable interfaces and proper authentication controls are enforced externally.

🌐 Internet-Facing: HIGH - Directly exploitable without authentication if vulnerable interfaces are exposed to the internet.
🏢 Internal Only: HIGH - Even internally, the lack of authentication allows any network-accessible attacker to exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the vulnerable interface but no authentication, making it straightforward for attackers with access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Acronis Cyber Protect Cloud Agent build 39870+, Acronis Cyber Protect 16 build 39938+, Acronis Cyber Protect 15 build 41800+

Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-8641

Restart Required: Yes

Instructions:

  1. Download the latest version from Acronis official sources.
  2. Install the update following vendor documentation.
  3. Restart the Acronis services or reboot the system as required.
  4. Verify the update was successful using version checking commands.

🔧 Temporary Workarounds

Network Segmentation

Platforms: all

Restrict network access to Acronis management interfaces to trusted networks only.

# Linux (iptables): an ACCEPT rule on its own restricts nothing; allow the trusted network first, then drop every other source for that port
iptables -A INPUT -p tcp --dport [Acronis_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [Acronis_port] -j DROP
# Windows: the inbound default action is already Block and block rules override allow rules, so add a scoped Allow rule and remove any broader Allow rule for the same port
New-NetFirewallRule -DisplayName 'Allow Acronis from trusted' -Direction Inbound -Protocol TCP -LocalPort [Acronis_port] -RemoteAddress [trusted_ips] -Action Allow

Access Control Lists

Platforms: all

Implement additional network-level authentication or access controls for Acronis services.

# Configure host-based firewall rules to limit source IPs
# Use network segmentation/VLANs to isolate Acronis management traffic

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Acronis management interfaces from untrusted networks.
  • Deploy additional authentication mechanisms (VPN, jump hosts) for accessing Acronis management interfaces.

🔍 How to Verify

Check if Vulnerable:

Check the Acronis agent version against affected builds. On Windows: Check Programs and Features or Acronis Management Console. On Linux/macOS: Check installed package version or agent status output.

Check Version:

Windows: Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object { $_.DisplayName -like '*Acronis*' } | Select-Object DisplayName, DisplayVersion
(Read the Uninstall registry keys rather than Win32_Product: enumerating Win32_Product triggers an MSI consistency check and repair of every installed product.)
Linux: dpkg -l | grep -i acronis (Debian/Ubuntu) or rpm -qa | grep -i acronis (RHEL/SUSE)
macOS: pkgutil --pkgs | grep -i acronis to list the package IDs, then pkgutil --pkg-info <package-id> to show the installed version

Verify Fix Applied:

Verify the installed version meets or exceeds the patched build numbers: Cloud Agent ≥39870, Cyber Protect 16 ≥39938, Cyber Protect 15 ≥41800.
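The build comparison above is easy to get wrong by hand across a fleet, so here is an added Python example (not code from Acronis or from this page) that reads package-listing lines and decides whether each Acronis package is at or above the patched build for its product line. It assumes the build number is the last dot-separated numeric component of the version string (e.g. "16.0.39938", optionally followed by a distro package revision such as "-1") and that the package names and the dpkg-style sample lines are constructed for illustration; confirm both against the version strings your own installs report before relying on the result.

```python
import re

# Patched builds from the advisory (SEC-8641), keyed by product line.
PATCHED_BUILDS = {
    "cloud-agent": 39870,       # Acronis Cyber Protect Cloud Agent
    "cyber-protect-16": 39938,  # Acronis Cyber Protect 16
    "cyber-protect-15": 41800,  # Acronis Cyber Protect 15
}


def build_number(version: str) -> int:
    """Extract the build number from a version string.

    Assumption: a distro package revision may follow a '-' ("16.0.39938-1")
    and the Acronis build is the last numeric dotted component before it.
    """
    upstream = version.split("-", 1)[0]
    parts = re.findall(r"\d+", upstream)
    if not parts:
        raise ValueError(f"no numeric build component in version {version!r}")
    return int(parts[-1])


def is_patched(product: str, version: str) -> bool:
    """True when the installed build meets or exceeds the patched build."""
    if product not in PATCHED_BUILDS:
        raise KeyError(f"unknown product {product!r}; expected one of {sorted(PATCHED_BUILDS)}")
    return build_number(version) >= PATCHED_BUILDS[product]


def parse_dpkg_line(line: str):
    """Return (name, version) for an installed ('ii') `dpkg -l` row, else None.

    Rows look like "ii  <name>  <version>  <arch>  <description>"; removed-but-
    configured ('rc') or unknown ('un') rows are not installed and are skipped.
    """
    fields = line.split()
    if len(fields) < 3 or not fields[0].startswith("ii"):
        return None
    return fields[1], fields[2]


def audit(lines, package_product):
    """Classify every installed Acronis package found in `lines`.

    `package_product` maps a package name to a PATCHED_BUILDS product line so
    each package is compared against the right threshold.
    """
    results = {}
    for line in lines:
        parsed = parse_dpkg_line(line)
        if parsed is None:
            continue
        name, version = parsed
        product = package_product.get(name)
        if product is None:
            continue  # not an Acronis package we know how to classify
        results[name] = {
            "product": product,
            "version": version,
            "build": build_number(version),
            "patched": is_patched(product, version),
        }
    return results


# Constructed sample `dpkg -l` output; package names are hypothetical.
SAMPLE_DPKG = [
    "ii  acronis-agent                 16.0.39900-1  amd64  Acronis Cyber Protect Cloud Agent (constructed sample)",
    "ii  acronis-management-server-16  16.0.39500    amd64  Acronis Cyber Protect 16 server (constructed sample)",
    "rc  acronis-agent-legacy          15.0.41000    amd64  removed package, config only (constructed sample)",
    "ii  openssh-server                1:9.2p1-2     amd64  unrelated package (constructed sample)",
]

# Hypothetical mapping from package name to product line; adjust to your install.
PACKAGE_PRODUCT = {
    "acronis-agent": "cloud-agent",
    "acronis-management-server-16": "cyber-protect-16",
    "acronis-agent-legacy": "cyber-protect-15",
}


if __name__ == "__main__":
    for name, info in audit(SAMPLE_DPKG, PACKAGE_PRODUCT).items():
        state = "patched" if info["patched"] else "VULNERABLE"
        print(f"{name}: build {info['build']} ({info['product']}) -> {state}")
```

On a real host, replace SAMPLE_DPKG with the lines from `dpkg -l | grep -i acronis` (or adapt `parse_dpkg_line` for `rpm -qa` output, which has no status column) and fill PACKAGE_PRODUCT from the package names actually present; the comparison logic stays the same.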

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Acronis management ports
  • Unexpected configuration changes in Acronis logs
  • Authentication bypass events in application logs

Network Indicators:

  • Unusual traffic patterns to Acronis management ports (typically TCP 9876, 9877, or custom)
  • External IP addresses accessing Acronis interfaces without prior authentication

SIEM Query:

source="acronis_logs" AND (event_type="auth_failure" OR event_type="config_change") | stats count by src_ip, user
