CVE-2025-7779 (GCVE-0-2025-7779)

Vulnerability from cvelistv5 – Published: 2025-09-30 14:52 – Updated: 2026-04-10 13:17
VLAI?
Summary
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
Severity ?
8.8 (High)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis True Image Affected: unspecified , < 42389 (semver)
Create a notification for this product.
Credits
@nullevent (https://hackerone.com/nullevent) Carlos Garrido (https://pentraze.com/vulnerability-reports) Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7779",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T03:55:58.283462Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:47.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "Acronis True Image",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42389",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "Acronis True Image for SanDisk",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42198",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "Acronis True Image for Western Digital",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42197",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "Acronis True Image OEM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42571",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@nullevent (https://hackerone.com/nullevent)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido (https://pentraze.com/vulnerability-reports)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T13:17:25.600Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-8193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-8193"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2025-7779",
    "datePublished": "2025-09-30T14:52:46.494Z",
    "dateReserved": "2025-07-17T22:39:45.615Z",
    "dateUpdated": "2026-04-10T13:17:25.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-7779",
      "date": "2026-04-27",
      "epss": "0.00016",
      "percentile": "0.03438"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-7779\",\"sourceIdentifier\":\"security@acronis.com\",\"published\":\"2025-09-30T15:15:59.247\",\"lastModified\":\"2026-04-10T14:16:25.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.\"},{\"lang\":\"es\",\"value\":\"Escalada de privilegios local debido a una configuraci\u00f3n insegura del servicio XPC. Los siguientes productos est\u00e1n afectados: Acronis True Image (macOS) anterior a la compilaci\u00f3n 42389, Acronis True Image para SanDisk (macOS) anterior a la compilaci\u00f3n 42198, Acronis True Image para Western Digital (macOS) anterior a la compilaci\u00f3n 42197.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-8193\",\"source\":\"security@acronis.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7779\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T03:55:58.283462Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-30T15:34:10.239Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"@nullevent (https://hackerone.com/nullevent)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Carlos Garrido (https://pentraze.com/vulnerability-reports)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Acronis\", \"product\": \"Acronis True Image\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"42389\", \"versionType\": \"semver\"}], \"platforms\": [\"macOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis True Image for SanDisk\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"42198\", \"versionType\": \"semver\"}], \"platforms\": [\"macOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis True Image for Western Digital\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"42197\", \"versionType\": \"semver\"}], \"platforms\": [\"macOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis True Image OEM\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"42571\", \"versionType\": \"semver\"}], \"platforms\": [\"macOS\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://security-advisory.acronis.com/advisories/SEC-8193\", \"name\": \"SEC-8193\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269\"}]}], \"providerMetadata\": {\"orgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"shortName\": \"Acronis\", \"dateUpdated\": \"2026-04-10T13:17:25.600Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-7779\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-10T13:17:25.600Z\", \"dateReserved\": \"2025-07-17T22:39:45.615Z\", \"assignerOrgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"datePublished\": \"2025-09-30T14:52:46.494Z\", \"assignerShortName\": \"Acronis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.