PT-2025-9037 · Acronis · Acronis Backup Plugin For Cpanel & Whm+1
Published
2025-02-27
·
Updated
2025-03-01
·
CVE-2025-24832
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Acronis Backup plugin for cPanel & WHM (Linux) versions 1.8.4.866 and earlier
Acronis Backup plugin for cPanel & WHM (Linux) versions 1.9.1.892 and earlier
Acronis Backup extension for Plesk (Linux) versions 1.8.7.615 and earlier
Description
The issue is related to arbitrary file overwrite during home directory recovery due to improper symbolic link handling.
Recommendations
For Acronis Backup plugin for cPanel & WHM (Linux) versions 1.8.4.866 and earlier, update to build 1.8.4.866 or later.
For Acronis Backup plugin for cPanel & WHM (Linux) versions 1.9.1.892 and earlier, update to build 1.9.1.892 or later.
For Acronis Backup extension for Plesk (Linux) versions 1.8.7.615 and earlier, update to build 1.8.7.615 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acronis Backup Extension For Plesk
Acronis Backup Plugin For Cpanel & Whm