CVE-2025-24832

Summary

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.

Affected Software

VendorProductVersion RangeStatus
AcronisAcronis Backup plugin for cPanel & WHMunspecified < 1.8.4.866affected
AcronisAcronis Backup plugin for cPanel & WHMunspecified < 1.9.1.892affected
AcronisAcronis Backup extension for Pleskunspecified < 1.8.7.615affected

Weaknesses

  • CWE-61: CWE-61

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References