Acronis Cyber Protect Cloud Agent up to 40076 improper validation of syntactic correctness of input
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Acronis Cyber Protect Cloud Agent up to 40076. This affects an unknown part. This manipulation causes improper validation of syntactic correctness of input. This vulnerability is tracked as CVE-2025-30415. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Acronis Cyber Protect Cloud Agent up to 40076. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a improper validation of syntactic correctness of input vulnerability. The CWE definition for the vulnerability is CWE-1286. The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. As an impact it is known to affect availability. The summary by CVE is:
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
The advisory is shared at security-advisory.acronis.com. This vulnerability is known as CVE-2025-30415 since 03/21/2025. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available.
Upgrading to version 40077 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-16869). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.5
CNA Vector (Acronis): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper validation of syntactic correctness of inputCWE: CWE-1286 / CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Cyber Protect Cloud Agent 40077
Timeline
03/21/2025 🔍06/04/2025 🔍
06/04/2025 🔍
03/06/2026 🔍
Sources
Advisory: security-advisory.acronis.comStatus: Confirmed
CVE: CVE-2025-30415 (🔍)
GCVE (CVE): GCVE-0-2025-30415
GCVE (VulDB): GCVE-100-311137
EUVD: 🔍
Entry
Created: 06/04/2025 14:33Updated: 03/06/2026 01:50
Changes: 06/04/2025 14:33 (63), 06/04/2025 15:54 (1), 03/06/2026 01:50 (2)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.