{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11178","assignerOrgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","state":"PUBLISHED","assignerShortName":"Acronis","dateReserved":"2025-09-29T22:35:29.171Z","datePublished":"2025-09-30T14:52:20.711Z","dateUpdated":"2026-04-10T13:16:25.613Z"},"containers":{"cna":{"providerMetadata":{"orgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","shortName":"Acronis","dateUpdated":"2026-04-10T13:16:25.613Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-427","description":"CWE-427","type":"CWE"}]}],"affected":[{"vendor":"Acronis","product":"Acronis True Image","platforms":["Windows"],"versions":[{"version":"unspecified","status":"affected","lessThan":"42386","versionType":"semver"}],"defaultStatus":"unaffected"},{"vendor":"Acronis","product":"Acronis True Image for Western Digital","platforms":["Windows"],"versions":[{"version":"unspecified","status":"affected","lessThan":"42636","versionType":"semver"}],"defaultStatus":"unaffected"},{"vendor":"Acronis","product":"Acronis True Image for SanDisk","platforms":["Windows"],"versions":[{"version":"unspecified","status":"affected","lessThan":"42679","versionType":"semver"}],"defaultStatus":"unaffected"},{"vendor":"Acronis","product":"Acronis True Image OEM","platforms":["Windows"],"versions":[{"version":"unspecified","status":"affected","lessThan":"42575","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679, Acronis True Image OEM (Windows) before build 42575."}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-7078","name":"SEC-7078","tags":["vendor-advisory"]}],"credits":[{"lang":"en","value":"@satz4797 (https://hackerone.com/satz4797)","type":"finder"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_0":{"version":"3.0","baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}],"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-11178","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-10-01T03:55:57.464131Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:47:47.868Z"}}]}}