CVE-2025-30413
Received - Intake
Credential Persistence in Acronis Agent After Plan Revocation

Publication date: 2026-03-06

Last updated on: 2026-03-13

Assigner: Acronis International GmbH

Description
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
Meta Information
Published: 2026-03-06
Last Modified: 2026-03-13
Generated: 2026-06-16
AI Q&A: 2026-03-06
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
acronis | cyber_protect | to 17.0.41186 (exc)
acronis | agent | to c25.07 (exc)
CWE ID | Description
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Executive Summary

Credentials are not deleted from the Acronis Agent after a plan is revoked. The affected products are Acronis Cyber Protect Cloud Agent before build 40497 and Acronis Cyber Protect 17 before build 41186, on Linux, macOS, and Windows.

Impact Analysis

Because credentials remain on the system after a plan is revoked, unauthorized access or misuse of those credentials could occur, potentially leading to a confidentiality breach. The CVSS score indicates a moderate impact on confidentiality but no impact on integrity or availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know
