OS Command Injection Vulnerability in Nimesa Backup and Recovery by Nimesa
CVE-2025-48501

9.3CRITICAL

Key Information:

Vendor: Nimesa
Status: Nimesa Backup And Recovery
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-48501?

An OS command injection vulnerability has been identified in Nimesa Backup and Recovery versions 2.3 and 2.4. This issue allows an attacker to execute arbitrary OS commands on the server hosting the application. Successful exploitation could lead to unauthorized access and control over critical system functions, posing significant security risks to the integrity of the affected environment.

Affected Version(s)

Nimesa Backup and Recovery v2.3

Nimesa Backup and Recovery v2.4

References

https://aws.amazon.com/marketplace/seller-profile?id=08fb...

https://jvn.jp/en/jp/JVN88251376/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jul 2, 2025