CVE-2025-11790

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security-advisory.acronis.com/SEC-8658 Not Applicable
https://security-advisory.acronis.com/advisories/SEC-9386 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

13 Mar 2026, 16:42

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References () https://security-advisory.acronis.com/SEC-8658 - () https://security-advisory.acronis.com/SEC-8658 - Not Applicable
References () https://security-advisory.acronis.com/advisories/SEC-9386 - () https://security-advisory.acronis.com/advisories/SEC-9386 - Vendor Advisory
First Time Microsoft
Acronis agent
Acronis
Linux linux Kernel
Linux
Microsoft windows
Apple macos
Apple

09 Mar 2026, 13:36

Type Values Removed Values Added
Summary
  • (es) Las credenciales no se eliminan del Agente de Acronis después de la revocación del plan. Los siguientes productos están afectados: Agente de Acronis Cyber Protect Cloud (Linux, macOS, Windows) antes de la compilación 41124.

06 Mar 2026, 00:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-06 00:16

Updated : 2026-03-13 16:42

NVD link : CVE-2025-11790

Mitre link : CVE-2025-11790

CVE.ORG link : CVE-2025-11790

JSON object : View

Products Affected

linux

  • linux_kernel

acronis

  • agent

microsoft

  • windows

apple

  • macos
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource