XXE Vulnerability in NAKIVO Backup & Replication Affects Remote Systems
CVE-2025-32406

8.6HIGH

Key Information:

Vendor: Nakivo
Status: Backup & Replication Director
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-32406?

An XML External Entity (XXE) vulnerability exists in the Director NBR component of NAKIVO Backup & Replication, specifically in versions 10.3.x through 11.0.1. This flaw allows a remote attacker to manipulate XML data, creating conditions that enable them to fetch and parse unauthorized XML responses, potentially leading to sensitive data exposure and further exploitation of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Backup & Replication Director 10.3 < 11.0.2

References

https://helpcenter.nakivo.com/Knowledge-Base/Content/Secu...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

JSON

Nakivo

What is CVE-2025-32406?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.