CVE-2025-48959: Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows)...

6.7 CVSS

Description

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.

Classification

CVE ID: CVE-2025-48959

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.7

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-276

Affected Products

Vendor: Acronis

Product: Acronis Cyber Protect Cloud Agent

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.88% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48959
https://security-advisory.acronis.com/advisories/SEC-8133

Timeline

2025-06-04 13:40:22 UTC
CVE

Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows)...