What is the CVSS score of CVE-2025-30416?

CVE-2025-30416 has a CVSS 3.0 base score of 10.0 (Critical). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-30416?

A critical vulnerability in Acronis Cyber Protect 15 and 16 allows unauthorized access to sensitive data and unauthorized modifications without a patch currently available.

How to fix or mitigate CVE-2025-30416?

Within 24 hours: inventory all Acronis Cyber Protect installations and identify affected versions (15 before build 41800, 16 before build 39938); isolate affected systems from production networks if possible. Within 7 days: contact Acronis support for emergency patching timeline and deploy network segmentation to restrict access to Acronis infrastructure; implement enhanced monitoring and logging. Within 30 days: apply patches immediately upon vendor release or migrate to patched versions; conduct forensic audit for unauthorized access indicators.

Windows CVE-2025-30416

CRITICAL

Missing Authorization (CWE-862)

2026-02-20 security@acronis.com

Windows Linux Cyber Protect

10.0

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 01:15 nvd

CRITICAL 10.0

DescriptionNVD

Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

AnalysisAI

Missing authorization in Acronis Cyber Protect 16 allows sensitive data access. CVSS 10.0.

Technical ContextAI

CWE-862.

RemediationAI

Apply vendor patch.

More from same product – last 7 days

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

CVE-2025-30416 vulnerability details – vuln.today

Back

Windows CVE-2025-30416

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code