Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Acronis True Image for Western Digital by Acronis
CVE-2025-7779 (GCVE-0-2025-7779)
Vulnerability from nvd – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:17
VLAI
Summary
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis True Image |
Affected:
unspecified , < 42389
(semver)
|
|
| Acronis | Acronis True Image for SanDisk |
Affected:
unspecified , < 42198
(semver)
|
|
| Acronis | Acronis True Image for Western Digital |
Affected:
unspecified , < 42197
(semver)
|
|
| Acronis | Acronis True Image OEM |
Affected:
unspecified , < 42571
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T03:55:58.283462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42389",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image for SanDisk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42198",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image for Western Digital",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42197",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image OEM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42571",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@nullevent (https://hackerone.com/nullevent)"
},
{
"lang": "en",
"type": "finder",
"value": "Carlos Garrido (https://pentraze.com/vulnerability-reports)"
},
{
"lang": "en",
"type": "finder",
"value": "Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:17:25.600Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-8193",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-8193"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-7779",
"datePublished": "2025-09-30T14:52:46.494Z",
"dateReserved": "2025-07-17T22:39:45.615Z",
"dateUpdated": "2026-04-10T13:17:25.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11178 (GCVE-0-2025-11178)
Vulnerability from nvd – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:16
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis True Image |
Affected:
unspecified , < 42386
(semver)
|
|
| Acronis | Acronis True Image for Western Digital |
Affected:
unspecified , < 42636
(semver)
|
|
| Acronis | Acronis True Image for SanDisk |
Affected:
unspecified , < 42679
(semver)
|
|
| Acronis | Acronis True Image OEM |
Affected:
unspecified , < 42575
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T03:55:57.464131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:47.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42386",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image for Western Digital",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42636",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image for SanDisk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42679",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image OEM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42575",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@satz4797 (https://hackerone.com/satz4797)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:16:25.613Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7078",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7078"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-11178",
"datePublished": "2025-09-30T14:52:20.711Z",
"dateReserved": "2025-09-29T22:35:29.171Z",
"dateUpdated": "2026-04-10T13:16:25.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7779 (GCVE-0-2025-7779)
Vulnerability from cvelistv5 – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:17
VLAI
Summary
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis True Image |
Affected:
unspecified , < 42389
(semver)
|
|
| Acronis | Acronis True Image for SanDisk |
Affected:
unspecified , < 42198
(semver)
|
|
| Acronis | Acronis True Image for Western Digital |
Affected:
unspecified , < 42197
(semver)
|
|
| Acronis | Acronis True Image OEM |
Affected:
unspecified , < 42571
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T03:55:58.283462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42389",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image for SanDisk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42198",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image for Western Digital",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42197",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Acronis True Image OEM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42571",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@nullevent (https://hackerone.com/nullevent)"
},
{
"lang": "en",
"type": "finder",
"value": "Carlos Garrido (https://pentraze.com/vulnerability-reports)"
},
{
"lang": "en",
"type": "finder",
"value": "Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:17:25.600Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-8193",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-8193"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-7779",
"datePublished": "2025-09-30T14:52:46.494Z",
"dateReserved": "2025-07-17T22:39:45.615Z",
"dateUpdated": "2026-04-10T13:17:25.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11178 (GCVE-0-2025-11178)
Vulnerability from cvelistv5 – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:16
VLAI
Summary
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis True Image |
Affected:
unspecified , < 42386
(semver)
|
|
| Acronis | Acronis True Image for Western Digital |
Affected:
unspecified , < 42636
(semver)
|
|
| Acronis | Acronis True Image for SanDisk |
Affected:
unspecified , < 42679
(semver)
|
|
| Acronis | Acronis True Image OEM |
Affected:
unspecified , < 42575
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T03:55:57.464131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:47.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42386",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image for Western Digital",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42636",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image for SanDisk",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42679",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis True Image OEM",
"vendor": "Acronis",
"versions": [
{
"lessThan": "42575",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@satz4797 (https://hackerone.com/satz4797)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T13:16:25.613Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7078",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7078"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-11178",
"datePublished": "2025-09-30T14:52:20.711Z",
"dateReserved": "2025-09-29T22:35:29.171Z",
"dateUpdated": "2026-04-10T13:16:25.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}