{"api_version":"1","generated_at":"2026-04-11T08:43:58+00:00","cve":"CVE-2025-7779","urls":{"html":"https://cve.report/CVE-2025-7779","api":"https://cve.report/api/cve/CVE-2025-7779.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-7779","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-7779"},"summary":{"title":"CVE-2025-7779","description":"Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.","state":"PUBLISHED","assigner":"Acronis","published_at":"2025-09-30 15:15:59","updated_at":"2026-04-10 14:16:25"},"problem_types":["CWE-269","CWE-269 CWE-269"],"metrics":[{"version":"3.0","source":"security@acronis.com","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-8193","name":"https://security-advisory.acronis.com/advisories/SEC-8193","refsource":"security@acronis.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-7779","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7779","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Acronis","product":"Acronis True Image","version":"affected unspecified 42389 semver","platforms":["macOS"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image for SanDisk","version":"affected unspecified 42198 semver","platforms":["macOS"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image for Western Digital","version":"affected unspecified 42197 semver","platforms":["macOS"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image OEM","version":"affected unspecified 42571 semver","platforms":["macOS"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"@nullevent (https://hackerone.com/nullevent)","lang":"en"},{"source":"CNA","value":"Carlos Garrido (https://pentraze.com/vulnerability-reports)","lang":"en"},{"source":"CNA","value":"Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"7779","cve":"CVE-2025-7779","epss":"0.000120000","percentile":"0.017230000","score_date":"2026-04-10","updated_at":"2026-04-11 00:00:33"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-7779","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-10-01T03:55:58.283462Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-26T17:47:47.347Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["macOS"],"product":"Acronis True Image","vendor":"Acronis","versions":[{"lessThan":"42389","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["macOS"],"product":"Acronis True Image for SanDisk","vendor":"Acronis","versions":[{"lessThan":"42198","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["macOS"],"product":"Acronis True Image for Western Digital","vendor":"Acronis","versions":[{"lessThan":"42197","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["macOS"],"product":"Acronis True Image OEM","vendor":"Acronis","versions":[{"lessThan":"42571","status":"affected","version":"unspecified","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"@nullevent (https://hackerone.com/nullevent)"},{"lang":"en","type":"finder","value":"Carlos Garrido (https://pentraze.com/vulnerability-reports)"},{"lang":"en","type":"finder","value":"Pentraze Cyber Security (https://pentraze.com/vulnerability-reports)"}],"descriptions":[{"lang":"en","value":"Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571."}],"metrics":[{"cvssV3_0":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-10T13:17:25.600Z","orgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","shortName":"Acronis"},"references":[{"name":"SEC-8193","tags":["vendor-advisory"],"url":"https://security-advisory.acronis.com/advisories/SEC-8193"}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","assignerShortName":"Acronis","cveId":"CVE-2025-7779","datePublished":"2025-09-30T14:52:46.494Z","dateReserved":"2025-07-17T22:39:45.615Z","dateUpdated":"2026-04-10T13:17:25.600Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-30 15:15:59","lastModifiedDate":"2026-04-10 14:16:25","problem_types":["CWE-269","CWE-269 CWE-269"],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"7779","Ordinal":"1","Title":"CVE-2025-7779","CVE":"CVE-2025-7779","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"7779","Ordinal":"1","NoteData":"Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.","Type":"Description","Title":"CVE-2025-7779"}]}}}