Impact
An improper authorization check in Acronis Cyber Protect allows an attacker to manipulate resources they should not have access to. The vulnerability is classified as CWE-863 (Incorrect Authorization): the product performs an authorization check when a user acts on a resource, but the check is not performed correctly, so the action is allowed for a caller who should have been refused. The description does not name the affected component or the request involved, and does not say whether credentials are required, so the exact exploitation path is unknown. What it does establish is that a user who can reach the application can trigger actions on resources outside their intended scope, which can mean data tampering or service disruption. The impact is confined to the affected installation, but within it the integrity of protected data or of the system configuration can be compromised.
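The pattern behind CWE-863, as an added illustration that is not Acronis code and says nothing about where the real flaw sits: a hypothetical resource-update handler that confirms the caller is logged in but never checks whether the caller is allowed to act on the particular resource named in the request, beside a hardened version that evaluates the caller against that resource. The data model (backup plans scoped to tenants), the roles and the policy are all assumptions made for the example.

```python
# Added illustration of CWE-863 (Incorrect Authorization). Hypothetical
# handler and data model; not Acronis code. The roles and policy are assumed.
from dataclasses import dataclass


class AuthorizationError(PermissionError):
    """Raised when a request is refused by an authorization check."""


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str
    role: str  # assumed roles: "admin" or "operator"


@dataclass
class BackupPlan:
    plan_id: str
    tenant_id: str
    owner_id: str
    enabled: bool = True


def make_plans():
    """Constructed sample data: two plans belonging to two different tenants."""
    return {
        "plan-a": BackupPlan("plan-a", "tenant-1", "alice"),
        "plan-b": BackupPlan("plan-b", "tenant-2", "bob"),
    }


def update_plan_vulnerable(caller, plan_id, enabled, plans):
    """CWE-863 pattern: the only check asked is 'is somebody logged in?'.

    plan_id comes straight from the request, so any authenticated user can
    enable or disable any tenant's plan.
    """
    if caller is None:
        raise AuthorizationError("login required")
    plan = plans[plan_id]          # no tenant or ownership check at all
    plan.enabled = enabled
    return plan


def is_authorized(caller, plan):
    """Assumed policy: same tenant, and either a tenant admin or the plan owner."""
    if caller.tenant_id != plan.tenant_id:
        return False
    return caller.role == "admin" or caller.user_id == plan.owner_id


def update_plan_fixed(caller, plan_id, enabled, plans):
    """Hardened handler: authorization is evaluated against the target resource."""
    if caller is None:
        raise AuthorizationError("login required")
    plan = plans.get(plan_id)
    # One 'not permitted' answer for both 'missing' and 'not yours', so the
    # response does not confirm that a plan exists in another tenant.
    if plan is None or not is_authorized(caller, plan):
        raise AuthorizationError("not permitted")
    plan.enabled = enabled
    return plan


def demo():
    """Run both handlers with a cross-tenant caller and report what happened."""
    mallory = Principal("mallory", "tenant-2", "operator")  # has no rights on plan-a
    results = {}

    plans = make_plans()
    update_plan_vulnerable(mallory, "plan-a", False, plans)
    results["vulnerable_plan_a_enabled"] = plans["plan-a"].enabled  # False: tampered

    plans = make_plans()
    try:
        update_plan_fixed(mallory, "plan-a", False, plans)
        results["fixed_denied"] = False
    except AuthorizationError:
        results["fixed_denied"] = True
    results["fixed_plan_a_enabled"] = plans["plan-a"].enabled  # True: untouched
    return results


if __name__ == "__main__":
    print(demo())
```

The fix is not an extra login check but a check that names the resource: the decision has to be made against the object the request points at, not against the session alone.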
Affected Systems
The affected product is Acronis Cyber Protect 17 on Linux and Windows, in all builds before 41186, which implies that build 41186 is the first fixed build. No other versions, platforms or Acronis products are listed as affected, and nothing on this page says whether earlier major releases are affected; the stated range is the only one to act on.
Risk and Exploitability
The CVSS base score is 4.3, which falls in the Medium band. The EPSS score is below 1%, meaning the model predicts a low probability of exploitation in the wild over the next 30 days; it is an estimate, not a measurement of observed attacks. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Because this is an authorization flaw rather than an authentication bypass, the most likely attacker is someone who already has an account on the Acronis application or can reach its services on the host. Exploitation would consist of sending otherwise ordinary requests to the affected component, with standard credentials, that reference resources the requester is not entitled to change. Check the installed build rather than relying on the low EPSS figure: a build of 41186 or later is outside the affected range.
OpenCVE Enrichment