Server-Side Request Forgery in Nimesa Backup and Recovery by Nimesa
CVE-2025-53473

6.9MEDIUM

Key Information:

Vendor: Nimesa
Status: Nimesa Backup And Recovery
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-53473?

A server-side request forgery vulnerability affects multiple versions of Nimesa Backup and Recovery. If exploited, an attacker can manipulate the application to send unauthorized requests to internal resources, potentially leading to exposure of sensitive data or further attacks on internal systems.

Affected Version(s)

Nimesa Backup and Recovery prior to v3.0.2025062305

Nimesa Backup and Recovery v2.3

Nimesa Backup and Recovery v2.4

References

https://aws.amazon.com/marketplace/seller-profile?id=08fb...

https://jvn.jp/en/jp/JVN88251376/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jul 2, 2025