Path Traversal Vulnerability in NAKIVO Backup & Replication
CVE-2024-48248
Key Information:
- Vendor: Nakivo
- Product: Backup & Replication Director
- CVE Published: 4 March 2025
What is CVE-2024-48248?
CVE-2024-48248 is a critical vulnerability identified in NAKIVO Backup & Replication, a software solution designed for data backup, recovery, and replication purposes within IT infrastructures. This vulnerability enables unauthorized users to exploit absolute path traversal, allowing them to gain access to sensitive files that may include cleartext credentials. Such exposure poses a significant risk to organizations, as it could potentially lead to unauthorized access and remote code execution, undermining the integrity and security of their backup systems.
Technical Details
This vulnerability specifically affects versions of NAKIVO Backup & Replication prior to 11.0.0.88174. It involves the getImageByPath function, which is vulnerable to absolute path traversal attacks that can lead to reading sensitive files directly from the filesystem. Such an oversight allows attackers to navigate the server's directory structure improperly, which can expose critical data and credentials used by the application for authentication and other purposes.
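The weak pattern beside a hardened check, given here as an added example rather than NAKIVO's own code (this page does not show the internals of getImageByPath); the /srv/images directory, the function names and the sample requests are assumptions used only for illustration.

```python
import os
from pathlib import Path


def weak_resolve(image_root: str, requested: str) -> str:
    """Weak form (hypothetical): joins the caller-supplied path onto the image
    directory and trusts the result. os.path.join() discards every earlier
    component as soon as it meets an absolute path, so a request for
    "/etc/shadow" is served from the filesystem root, not from image_root."""
    return os.path.join(image_root, requested)


def safe_resolve(image_root: str, requested: str) -> Path:
    """Hardened form: refuse absolute input outright, then normalise the
    joined path (collapsing '..' segments and following symlinks) and prove
    that the result still lies inside image_root before touching the file."""
    root = Path(image_root).resolve()
    if Path(requested).is_absolute():
        raise ValueError("absolute paths are not accepted")
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"{requested!r} escapes {root}")
    return candidate


def is_allowed(image_root: str, requested: str) -> bool:
    """Convenience wrapper: True when the hardened check would serve the request."""
    try:
        safe_resolve(image_root, requested)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed requests against an assumed image directory (not NAKIVO's layout).
    for req in ("vm1/disk.png", "/etc/shadow", "../../etc/shadow"):
        verdict = "allowed" if is_allowed("/srv/images", req) else "rejected"
        print(f"{req!r:>20}: weak -> {weak_resolve('/srv/images', req)}  hardened -> {verdict}")
```

The containment test after resolve() is what catches both the absolute-path case the advisory describes and the classic "../" variant; rejecting absolute input first simply gives a clearer error.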
Potential impact of CVE-2024-48248
- Remote Code Execution: The vulnerability can lead to unauthorized remote code execution across enterprise networks, allowing attackers to manipulate systems and potentially deploy malicious software.
- Credential Exposure: Access to cleartext credentials may result in further exploitation throughout the organization, enabling attackers to gain additional access to systems and sensitive information.
- Data Integrity Risks: Compromised backup systems can lead to a loss of data integrity, making it difficult for organizations to recover from attacks or data loss events, thereby increasing operational risks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- Backup & Replication Director: all versions before 11.0.0.88174 (0 <= version < 11.0.0.88174)
News Articles
- Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware - Help Net Security: Here's an overview of some of last week's most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability (2 weeks ago)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - Help Net Security: A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, used by orgs of all sizes and MSPs, is being exploited by attackers. (2 weeks ago)
- The Good, the Bad and the Ugly in Cybersecurity - Week 12: Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets. (2 weeks ago)
EPSS Score: 90% chance of being exploited in the next 30 days.
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- 📰 First article discovered by watchTowr Labs
- Vulnerability Reserved