Description
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
30.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-61
Status
published
Products (3)
Acronis/Acronis Backup extension for Plesk
unspecified - 1.8.7.615
Acronis/Acronis Backup plugin for cPanel & WHM
unspecified - 1.8.4.866
Acronis/Acronis Backup plugin for cPanel & WHM
unspecified - 1.9.1.892
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026