What is the CVSS score of CVE-2025-30411?

CVE-2025-30411 has a CVSS 3.0 base score of 10.0 (Critical). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-30411?

A critical authentication vulnerability in Acronis Cyber Protect 15 and 16 allows attackers to access and modify sensitive data without proper credentials, affecting both Linux and Windows…

How to fix or mitigate CVE-2025-30411?

Within 24 hours: Isolate affected Acronis systems from internet-facing networks and restrict administrative access to trusted personnel only. Within 7 days: Audit all backup activities and access logs for suspicious authentication or data manipulation; conduct forensic review of recent backup jobs. Within 30 days: Implement network segmentation with strict firewall rules limiting Acronis access to authorized networks only; monitor vendor security advisories for patch availability and prepare deployment plan immediately upon release.

Windows CVE-2025-30411

CRITICAL

Weak Authentication (CWE-1390)

2026-02-20 security@acronis.com

Windows Linux Cyber Protect

10.0

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 01:15 nvd

CRITICAL 10.0

DescriptionNVD

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.