What the vulnerability does
01Description
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.
CVSS base score
4.3/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
June 4, 2025
CVE published
June 4, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-13905 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery
CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2026-41130 Craft CMS has a host header injection leading to SSRF via resource-js endpoint
CVE-2025-10137 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery
CVE-2024-41664 Blind SSRF via Canarytoken Webhook
