Donate Telegram

CVE-2025-11790

MEDIUM CVSS 3.0: 4.4 EPSS 0.01%

Mar 06, 2026

Updated Mar 06, 2026

Linux

Parameter	Value
CVSS	4.4 (MEDIUM)
Type	CWE-732 (Incorrect Permission Assignment (Неправильное назначение разрешений))
Vendor	Linux
Public PoC	No

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.

Attack Parameters

Attack Vector

Local

Нужен локальный доступ

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

High

Нужны права администратора

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

None

Нет модификации данных

Availability

None

Нет нарушения работы

CVSS Vector v3.0

Weakness Type (CWE)

CWE-732 Incorrect Permission Assignment (Неправильное назначение разрешений)

References 2

https://security-advisory.acronis.com/SEC-8658

security@acronis.com

https://security-advisory.acronis.com/advisories/SEC-9386

security@acronis.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28726

Linux

CVE-2026-28725

Linux

CVE-2026-28724

Linux

CVE-2026-28723

Linux

CVE-2026-28720

Linux

CVE Details

CVE ID

CVE-2025-11790

Published Date

Mar 06, 2026

Vendor

Linux

Severity

MEDIUM

CVSS v3.0 Score

4.4

Medium severity. Plan remediation.

Attack Analysis

Exploitability 0.8/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.01%

Likelihood of exploitation in next 30 days

Percentile: 1.5th percentile (higher than 1.5% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Source

Editor's Choice