Description
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.
Published: 2025-09-30
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability is caused by an insecure configuration of an XPC service that allows a local user to create or modify privileged data, resulting in the ability to gain root privileges. This flaw falls under CWE‑269, Improper Privilege Management, and enables an attacker to read, alter, or delete sensitive system data and control the machine.

Affected Systems

Affected products include Acronis True Image for macOS before build 42389, Acronis True Image OEM for macOS before build 42571, Acronis True Image for SanDisk for macOS before build 42198, and Acronis True Image for Western Digital for macOS before build 42197.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, yet the EPSS score of <1% shows a very low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to the macOS system and the presence of the vulnerable XPC service running with elevated privileges. If an attacker local or remote with local privileges can run code, they could execute the service to raise privileges.

Generated by OpenCVE AI on April 20, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Acronis True Image for macOS (build 42389 or later) and repeat for the OEM, SanDisk, and Western Digital variants.
  • Follow the detailed patch guidance in the Acronis security advisory at https://security-advisory.acronis.com/advisories/SEC-8193.
  • Ensure macOS itself is updated to the latest security patches and consider disabling or removing the vulnerable XPC service if a patch is not yet available.

Generated by OpenCVE AI on April 20, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-31740 Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197.
History

Mon, 20 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Insecure XPC Service Configuration in Acronis True Image for macOS

Fri, 10 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Description Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197. Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197, Acronis True Image OEM (macOS) before build 42571.

Thu, 02 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Acronis
Acronis true Image
Acronis true Image Agent
Apple
Apple macos
Vendors & Products Acronis
Acronis true Image
Acronis true Image Agent
Apple
Apple macos

Tue, 30 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 30 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Description Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (macOS) before build 42197.
Weaknesses CWE-269
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Acronis True Image True Image Agent
Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: Acronis

Published:

Updated: 2026-04-10T13:17:25.600Z

Reserved: 2025-07-17T22:39:45.615Z

Link: CVE-2025-7779

cve-icon Vulnrichment

Updated: 2025-09-30T15:34:10.239Z

cve-icon NVD

Status : Deferred

Published: 2025-09-30T15:15:59.247

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-7779

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:00:11Z

Weaknesses