PT-2026-23580 · Acronis · Acronis Cyber Protect Cloud Agent+1

Airbus Seclab

Published

2026-03-05

Updated

2026-03-13

CVE-2025-30413

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) versions prior to build 40497 Acronis Cyber Protect 17 (Linux, macOS, Windows) versions prior to build 41186

Description Credentials are not deleted from the Acronis Agent after plan revocation. This can potentially lead to unauthorized access.

Recommendations Update Acronis Cyber Protect Cloud Agent to build 40497 or later. Update Acronis Cyber Protect 17 to build 41186 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2025-30413

Affected Products

Acronis Cyber Protect 17

Acronis Cyber Protect Cloud Agent

PT-2026-23580 · Acronis · Acronis Cyber Protect Cloud Agent+1

CVE-2025-30413

Weakness Enumeration

Related Identifiers

Affected Products

References · 8