[German]Acronis Cyber Protect security vulnerabilities endanger Windows systemsShort note for users who use Acronis Cyber Protect in a Windows environment. There is a current security warning from the German Federal Office for Information Security (BSI). Several vulnerabilities in the product have become known that jeopardize the security of Windows.
Advertising
Acronis Cyber Protect is an end-to-end solution for cyber resilience that natively integrates backup, cyber security and endpoint management. German blog reader Marcel W. informed me by email this morning that there was a security vulnerability in Acronis Cyber Protect (rated with a CVSS index of 10.0). Marcel wrote: "Unfortunately, the manufacturer does not consider it necessary to actively and immediately inform its customers." In the Acronis Advisory Database the vulnerabilities are listed with date June 4, 2025.
The Acronis Advisory Database states that "Acronis Cyber Protect 16 (Linux, Windows) before build 39938" is affected.
- The vulnerability CVE-2025-30411 states "Sensitive data disclosure and manipulation due to improper authentication", and the vulnerability has been assigned a CVE index of 10.0.
- CVE-2025-30416 reads "Sensitive data disclosure and manipulation due to missing authorization", and the vulnerability has also been assigned CVE index 10.0.
- CVE-2025-30412 is called "Sensitive data disclosure and manipulation due to improper authentication", and the vulnerability has also been assigned a CVE index of 10.0.
- Then there is CVE-2025-30410, which reads: "Sensitive data disclosure and manipulation due to missing authentication". This vulnerability has been assigned a CVE index of 9.8.
All vulnerabilities listed above have been rated as "critical". The database contains several other vulnerabilities that have been rated with a lower CVE index. One vulnerability is rated as "high". In any case, patching is required if not already done. The manufacturer offers Acronis Cyber Protect 16 Update 4 as a fix.
Advertising