XXE Vulnerability in NAKIVO Backup & Replication Affects Remote Systems
CVE-2025-32406
8.6HIGH
What is CVE-2025-32406?
An XML External Entity (XXE) vulnerability exists in the Director NBR component of NAKIVO Backup & Replication, specifically in versions 10.3.x through 11.0.1. This flaw allows a remote attacker to manipulate XML data, creating conditions that enable them to fetch and parse unauthorized XML responses, potentially leading to sensitive data exposure and further exploitation of the system.
Affected Version(s)
Backup & Replication Director 10.3 < 11.0.2