Platform
macos
Component
acronis-true-image
Fixed in
42389
42198
42197
42571
CVE-2025-7779 represents a privilege escalation vulnerability affecting Acronis True Image for macOS. This flaw stems from an insecure configuration within the XPC service, allowing a local attacker to potentially gain elevated privileges on the system. The vulnerability impacts versions prior to build 42571, including Acronis True Image (macOS), Acronis True Image for SanDisk (macOS), Acronis True Image for Western Digital (macOS), and Acronis True Image OEM (macOS). A fix is available in build 42571.
Successful exploitation of CVE-2025-7779 allows an attacker with local access to the affected system to escalate their privileges. This means a standard user could gain administrative or root access, effectively compromising the entire system. The attacker could then install malware, steal sensitive data, modify system configurations, or perform other malicious actions. The impact is particularly severe because it allows bypassing standard user account controls and gaining full control over the macOS environment. While the vulnerability requires local access, this could be achieved through social engineering, physical access, or by exploiting other vulnerabilities to gain an initial foothold.
CVE-2025-7779 was publicly disclosed on 2025-09-30. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of privilege escalation vulnerabilities, it is reasonable to expect that researchers will develop exploits in the future.
Users of Acronis True Image for macOS, particularly those running legacy versions prior to build 42571, are at risk. This includes individuals and organizations relying on Acronis for backup and recovery solutions. Shared hosting environments where multiple users share the same macOS system are also at increased risk, as a compromised user account could potentially be leveraged to escalate privileges.
• macos: Use the system log to monitor for XPC service errors related to authentication or authorization.
lsof | grep Acronis
• macos: Check system logs for unusual process executions with elevated privileges.
log show --last 1h | grep -i 'Acronis' | grep -i 'privilege escalation'
• macos: Monitor for unexpected changes to system configuration files, particularly those related to user accounts and permissions.
find / -name '*acronis*' -mtime -1
EPSS
0.01% (2% percentile)
The primary mitigation for CVE-2025-7779 is to upgrade Acronis True Image to build 42571 or later. If immediate upgrading is not possible due to compatibility issues or system downtime concerns, consider implementing stricter access controls and monitoring for suspicious activity. While a direct workaround for the XPC service configuration issue is not readily available, limiting the permissions granted to the XPC service itself could potentially reduce the attack surface. Regularly review and audit XPC service configurations for any anomalies. After upgrading, confirm the fix by attempting to trigger the privilege escalation exploit – it should fail.
Upgrade Acronis True Image (macOS) to version 42389 or later, Acronis True Image for SanDisk (macOS) to version 42198 or later, Acronis True Image for Western Digital (macOS) to version 42197 or later, or Acronis True Image OEM (macOS) to version 42571 or later to mitigate the privilege escalation vulnerability.
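An added example (not Acronis code and not from the original page): a POSIX shell triage that flags inventory rows whose build is below the per-product fixed build listed above. The `host,product,build` CSV layout, the host names, the sample builds and the acceptance of a dotted version string ending in the build number are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a software inventory against the per-product fixed builds.

# Fixed build per product, as listed in the remediation text on this page.
fixed_build() {
    case "$1" in
        "Acronis True Image") echo 42389 ;;
        "Acronis True Image for SanDisk") echo 42198 ;;
        "Acronis True Image for Western Digital") echo 42197 ;;
        "Acronis True Image OEM") echo 42571 ;;
        *) return 1 ;;
    esac
}

# classify PRODUCT BUILD -> prints PATCHED, VULNERABLE or UNKNOWN
classify() {
    product=$1
    build=${2##*.}   # assumption: accept "42389" or a dotted string ending in the build
    fixed=$(fixed_build "$product") || { echo UNKNOWN; return; }
    case "$build" in
        ''|*[!0-9]*) echo UNKNOWN; return ;;   # missing or non-numeric build
    esac
    if [ "$build" -lt "$fixed" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# triage: read "host,product,build" rows on stdin, print every row that needs action
triage() {
    while IFS=, read -r host product build; do
        [ -n "$host" ] || continue
        status=$(classify "$product" "$build")
        [ "$status" = PATCHED ] || printf '%s\t%s\t%s\t%s\n' "$host" "$product" "$build" "$status"
    done
}

# Constructed sample inventory (hypothetical hosts and builds, not real data).
sample_inventory() {
cat <<'EOF'
mac-01,Acronis True Image,42389
mac-02,Acronis True Image,41810
mac-03,Acronis True Image for Western Digital,42197
mac-04,Acronis True Image OEM,42389
mac-05,Acronis True Image for SanDisk,n/a
EOF
}

sample_inventory | triage
```

The mac-04 row shows why the threshold must be looked up per product: build 42389 is fixed for the standard edition but still below the OEM fixed build.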
CVE-2025-7779 is a HIGH severity privilege escalation vulnerability in Acronis True Image for macOS, allowing local attackers to gain elevated privileges due to an insecure XPC service configuration.
You are affected if you are using Acronis True Image for macOS versions prior to build 42571, including Acronis True Image (macOS), Acronis True Image for SanDisk (macOS), Acronis True Image for Western Digital (macOS), and Acronis True Image OEM (macOS).
Upgrade Acronis True Image to build 42571 or later to remediate the vulnerability. Consider stricter access controls and monitoring as interim measures.
Currently, there are no publicly known active exploits for CVE-2025-7779, but it's crucial to apply the patch promptly to prevent potential future exploitation.
Please refer to the official Acronis security advisory for CVE-2025-7779 on the Acronis website.