CVE-2025-24832

{"id": "CVE-2025-24832", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@acronis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-27T23:15:37.310", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-7649", "source": "security@acronis.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@acronis.com", "description": [{"lang": "en", "value": "CWE-61"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615."}, {"lang": "es", "value": "Sobreescritura del archivo arbitrario durante la recuperaci\u00f3n del directorio de inicio debido a la gesti\u00f3n inadecuada de enlaces simb\u00f3licos. Los siguientes productos se ven afectados: complemento de respaldo de Acronis para CPanel y WHM (Linux) antes de la compilaci\u00f3n 1.8.4.866, complemento de respaldo de Acronis para Cpanel y WHM (Linux) antes de la compilaci\u00f3n 1.9.1.892, Extensi\u00f3n de respaldo de Acronis para Plesk (Linux) antes de construir 1.8.7.615."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@acronis.com"}