{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11178", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2025-09-29T22:35:29.171Z", "datePublished": "2025-09-30T14:52:20.711Z", "dateUpdated": "2026-04-10T13:16:25.613Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-10T13:16:25.613Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42386", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image for Western Digital", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42636", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image for SanDisk", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42679", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image OEM", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "42575", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-7078", "name": "SEC-7078", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "@satz4797 (https://hackerone.com/satz4797)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11178", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T03:55:57.464131Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:47:47.868Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11178", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T03:55:57.464131Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:27:49.865Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@satz4797 (https://hackerone.com/satz4797)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis True Image", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42386", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image for Western Digital", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42636", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image for SanDisk", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42679", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image OEM", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42575", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-7078", "name": "SEC-7078", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2026-04-10T13:16:25.613Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11178", "state": "PUBLISHED", "dateUpdated": "2026-04-10T13:16:25.613Z", "dateReserved": "2025-09-29T22:35:29.171Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2025-09-30T14:52:20.711Z", "assignerShortName": "Acronis"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."}, {"lang": "es", "value": "Escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos est\u00e1n afectados: Acronis True Image (Windows) anterior a la compilaci\u00f3n 42386, Acronis True Image para Western Digital (Windows) anterior a la compilaci\u00f3n 42636, Acronis True Image para SanDisk (Windows) anterior a la compilaci\u00f3n 42679."}], "id": "CVE-2025-11178", "lastModified": "2026-04-10T14:16:24.873", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "security@acronis.com", "type": "Secondary"}]}, "published": "2025-09-30T15:15:47.863", "references": [{"source": "security@acronis.com", "url": "https://security-advisory.acronis.com/advisories/SEC-7078"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@acronis.com", "type": "Secondary"}]}

{}

{"created": "2025-10-02T08:46:12.665001+00:00", "updated": "2025-10-02T08:46:12.665057+00:00", "vendors": ["acronis", "acronis$PRODUCT$true_image", "microsoft", "microsoft$PRODUCT$windows"]}