CVE-2025-11791
Published: 06 March 2026
Summary
CVE-2025-11791 is a high-severity Missing Authorization (CWE-862) vulnerability in Acronis Agent. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requiring an access control policy ensures authorization checks are defined and applied for critical functions.
Reviews of access controls detect missing authorization checks on critical functions or resources.
Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.
Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.
Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.
Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.
The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.
Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local low-priv authorization bypass directly enables unauthorized reading of sensitive data from the local system (T1005) and stored data manipulation (T1565.001).
NVD Description
Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124.
Deeper analysisAI
CVE-2025-11791 is a vulnerability involving sensitive information disclosure and manipulation due to insufficient authorization checks, mapped to CWE-862. It affects Acronis Cyber Protect 17 on Linux, macOS, and Windows prior to build 41186, as well as Acronis Cyber Protect Cloud Agent on the same platforms prior to build 41124. The vulnerability has a CVSS v3.1 base score of 7.1, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating high impacts on confidentiality and integrity but no availability impact.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows the attacker to disclose sensitive information and manipulate data, potentially compromising the integrity of protected systems or data within the Acronis environment.
For mitigation details, refer to the Acronis security advisory at https://security-advisory.acronis.com/advisories/SEC-9405, which was published on 2026-03-06.
Details
- CWE(s)