CVE-2025-11791
Published: 06 March 2026
Summary
CVE-2025-11791 is a high-severity Missing Authorization (CWE-862) vulnerability in Acronis Agent. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 4.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-24 (Access Control Decisions).
Deeper analysis
CVE-2025-11791 is a vulnerability involving sensitive information disclosure and manipulation due to insufficient authorization checks, mapped to CWE-862. It affects Acronis Cyber Protect 17 on Linux, macOS, and Windows prior to build 41186, as well as Acronis Cyber Protect Cloud Agent on the same platforms prior to build 41124. The vulnerability has a CVSS v3.1 base score of 7.1, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating high impacts on confidentiality and integrity but no availability impact.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to disclose sensitive information and manipulate data, potentially compromising the integrity of protected systems or data within the Acronis environment.
For mitigation details, refer to the Acronis security advisory at https://security-advisory.acronis.com/advisories/SEC-9405, which was published on 2026-03-06.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208331
Vulnerability details
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local, low-privilege authorization bypass directly enables unauthorized reading of sensitive data from the local system (T1005) and manipulation of stored data (T1565.001).
Mitigating Controls (NIST 800-53 r5)
Directly enforces authorization checks before permitting access to sensitive data or functions, addressing the root cause of CWE-862 in the Acronis agent.
Limits privileges of local accounts so that even a successful bypass yields only minimal data exposure or modification rights.
Ensures access-control decisions are made by a trusted, centralized mechanism rather than relying on incomplete local checks inside the agent.