CVE-2025-30413 | HackTesting

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.

Credits

Airbus SecLab (mailto:vuln@airbus.com)

Quentin Liddell (mailto:vuln@airbus.com)

Mattéo Ricordeau (mailto:vuln@airbus.com)

Benoît Camredon (mailto:vuln@airbus.com)

References

https://security-advisory.acronis.com/advisories/SEC-8658

https://security-advisory.acronis.com/SEC-9386