CVE-2025-24831

Published: Jan 31, 2025Modified: Feb 18, 2025

6.6

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 1.3 / Impact: 5.2

Source: security@acronis.com (Secondary)

Description

Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (1)

https://security-advisory.acronis.com/advisories/SEC-6153

Source: security@acronis.com

Timeline

No history available yet.