XXE Vulnerability in NAKIVO Backup & Replication Affects Remote Systems
CVE-2025-32406

8.6HIGH

Key Information:

Vendor: Nakivo
Status: Backup & Replication Director
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-32406?

An XML External Entity (XXE) vulnerability exists in the Director NBR component of NAKIVO Backup & Replication, specifically in versions 10.3.x through 11.0.1. This flaw allows a remote attacker to manipulate XML data, creating conditions that enable them to fetch and parse unauthorized XML responses, potentially leading to sensitive data exposure and further exploitation of the system.

Affected Version(s)

Backup & Replication Director 10.3 < 11.0.2

References

https://helpcenter.nakivo.com/Knowledge-Base/Content/Secu...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

Nakivo

What is CVE-2025-32406?

Affected Version(s)

References

CVSS V3.1

Timeline