Acronis Software Fails to Verify User Identity, Exposing Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Acronis Software Fails to Verify User Identity, Exposing Sensitive Data

CVE-2025-30410

Summary

If not updated, Acronis Cyber Protect Cloud Agent, Acronis Cyber Protect 16, and Acronis Cyber Protect 15 may allow unauthorized access to sensitive information and potentially allow attackers to manipulate data. This is because the software doesn't properly verify user identities. Update the software to the latest version to fix this issue.

Original title

Original description

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.

nvd CVSS3.0 9.8

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://security-advisory.acronis.com/advisories/SEC-8641

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026