CVE-2025-30410CRITICAL 9.8EPSS p41.7%

CVE-2025-30410CVE-2025-30410

Description

Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.

Scoring

CVSS 3.09.8 (CRITICAL)
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.55% probability of exploitation · percentile 41.7% · 2026-06-18T12:00:27Z
Published2026-02-20
Last modified2026-04-15

Underlying weaknesses· 1

CWE-306

References

  1. https://security-advisory.acronis.com/advisories/SEC-8641

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-30411
CVE
CVE-2025-30416
CVE
CVE-2025-30412
CVE
CVE-2026-28710
CVE
CVE-2025-61075
CVE
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.