CVE-2020-25736

HIGH

Acronis TrueImage XPC Privilege Escalation

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25736. PoCs published by Csaba Fitzl, Shelby Pace, including Metasploit module exploits/osx/local/acronis_trueimage_xpc_privesc.

AI-analyzed exploit summary This Metasploit module exploits a privilege escalation vulnerability in Acronis TrueImage by leveraging an unvalidated helper tool (`com.acronis.trueimagehelper`) to execute arbitrary commands with root privileges. It uploads a payload and uses either a compiled or on-target-compiled Objective-C exploit to trigger the vulnerability.

Description

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Csaba Fitzl, Shelby Pace · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb

This Metasploit module exploits a privilege escalation vulnerability in Acronis TrueImage by leveraging an unvalidated helper tool (`com.acronis.trueimagehelper`) to execute arbitrary commands with root privileges. It uploads a payload and uses either a compiled or on-target-compiled Objective-C exploit to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Acronis TrueImage versions 2019 update 1 through 2021 update 1
No auth needed
Prerequisites: Access to a vulnerable macOS system with Acronis TrueImage installed · Write permissions to a directory (default: /tmp)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0215
EPSS Percentile 79.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
acronis/true_image 2019 1 (3 CPE variants)
acronis/true_image 2020
acronis/true_image 2021 1
Published Jul 15, 2021
Tracked Since Feb 18, 2026