CVE-2024-55538 MEDIUM

CVE-2024-55538

Vendor Acronis
Product Acronis True Image
Weakness CWE-306 · Missing auth
Published January 2, 2025
Last update April 10, 2026

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.

Key dates

02Disclosure timeline

January 2, 2025 CVE published
April 10, 2026 Record updated