CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-48248

Critical Severity
SVRS
80/100
CVSSv3
8.6/10
EPSS
0.93058/1

CVE-2024-48248 is a critical vulnerability in NAKIVO Backup & Replication before version 11.0.0.88174, allowing for absolute path traversal. This flaw can be exploited through getImageByPath to /c/router, potentially leading to remote code execution across an organization. SOCRadar's Vulnerability Risk Score (SVRS) for CVE-2024-48248 is 80, indicating a critical threat demanding immediate action. The vulnerability arises from inadequate path validation, which permits attackers to read arbitrary files on the system. This access can expose sensitive information, including cleartext credentials used by PhysicalDiscovery, making it possible to compromise the entire enterprise. With active exploits already available and tagged as "In The Wild" and listed in CISA's KEV, the risk of exploitation is elevated, requiring prompt patching or mitigation.

TAGS
In The Wild
Exploit Avaliable
CISA KEV
Exploit Available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:C
C:H
I:N
A:N
PUBLICATION DATE2025-03-04
LAST MODIFIED2025-03-25
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-48248 is a critical vulnerability affecting NAKIVO Backup & Replication versions prior to 11.0.0.88174. It involves an absolute path traversal vulnerability through the getImageByPath function in the /c/router endpoint, potentially allowing unauthorized reading of arbitrary files on the system. Given the SVRS score of 82, this vulnerability is considered critical and necessitates immediate attention. The description specifies this vulnerability "may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials". The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Key Insights

  • Remote Code Execution Risk: The vulnerability can expose cleartext credentials within the PhysicalDiscovery functionality, potentially leading to remote code execution across the entire enterprise network. The ability to read arbitrary files via path traversal amplifies the risk.
  • Actively Exploited: The vulnerability is actively exploited by hackers "In The Wild," increasing the urgency for patching and mitigation.
  • CISA KEV Designation: The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, indicating it poses a significant risk to federal agencies and encouraging all organizations to prioritize remediation. Active exploits have been published to exploit the vulnerability.
  • Exploit Availability: There are active exploits have been published to exploit the vulnerability.

Mitigation Strategies

  1. Immediate Patching: Upgrade NAKIVO Backup & Replication to version 11.0.0.88174 or later to remediate the vulnerability. This is the most critical step to prevent exploitation.
  2. Credential Rotation: If an upgrade is not immediately feasible, rotate all credentials potentially exposed by the PhysicalDiscovery functionality, especially those used by NAKIVO Backup & Replication.
  3. Network Segmentation: Implement network segmentation to limit the potential impact of a successful exploit. Restrict access to sensitive systems and data from the NAKIVO Backup & Replication server.
  4. Web Application Firewall (WAF) Rules: Deploy or update WAF rules to detect and block path traversal attempts targeting the /c/router endpoint. Consider input validation to prevent malicious requests.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
NAKIVO Backup and Replication Absolute Path Traversal Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-482482025-03-19
watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-482482025-01-28
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln;
Dr. Johannes B. Ullrich2025-02-27
SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln; Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. <a
sans.edu
rss
forum
news
Tageszusammenfassung - 26.02.2025
CERT.at2025-04-01
Tageszusammenfassung - 26.02.2025 | End-of-Day report Timeframe: Dienstag 25-02-2025 18:00 - Mittwoch 26-02-2025 18:00 Handler: Michael Schlagenhaufer Co-Handler: Alexander Riepl News Datenleck-Such-Website Have I Been Pwned um 284 Millionen Accounts aufgestockt Im Telegram-Kanal ALIEN TXTBASE wurden von Infostealer-Malware erbeute Mailadressen und Passwörter geteilt. Diese Daten sind nun in HIBP integriert. https://www.heise.de/news/Datenleck-Such-Website-Have-I-Been-Pwned-um-284-Millionen-Accounts-aufgestockt-10296120.html
cve-2024-48248
global
server
security
24th March – Threat Intelligence Report - Check Point Research
2025-03-24
24th March – Threat Intelligence Report - Check Point Research | News Content: For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by Qilin ransomware attack, forcing employees offline and delaying trials, while Strafford County, Pelham School District, and Derby Police Department also reported service disruptions which were not claimed by any specific threat actor. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Qilin
google.com
rss
forum
news
The Good, the Bad and the Ugly in Cybersecurity – Week 12
SentinelOne2025-03-21
The Good, the Bad and the Ugly in Cybersecurity – Week 12 | Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets.The Good | CISA Updates Its KEV Catalog, Reminding Users to Prioritize Patch Management CISA has added three newly exploited vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog
sentinelone.com
rss
forum
news
NAKIVO Backup &amp; Replication vulnerability exploited by attackers (CVE-2024-48248)
Zeljka Zorz2025-03-21
NAKIVO Backup &amp; Replication vulnerability exploited by attackers (CVE-2024-48248) | A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog on Wednesday, but it&#8217;s yet unknown whether the flaw is being leveraged by ransomware attackers, who often try to delete existing backups to make it more &#8230; <a href="https://www.helpnetsecurity.com/2025/03/21/nakivo-backup-replication-vulnerability-exploited-by-attackers-cve-2024-48248/" rel
helpnetsecurity.com
rss
forum
news
Comment on CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely Information on Vulnerabilities by CISA Warns of Exploited Nakivo Vulnerability - Source: www.securityweek.com - CISO2CISO.COM &amp; CYBER SECURITY GROUP
CISA Warns of Exploited Nakivo Vulnerability - Source: www.securityweek.com - CISO2CISO.COM &#38; CYBER SECURITY GROUP2025-03-20
Comment on CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely Information on Vulnerabilities by CISA Warns of Exploited Nakivo Vulnerability - Source: www.securityweek.com - CISO2CISO.COM &amp; CYBER SECURITY GROUP | [&#8230;] on March 6, Plugin Vulnerabilities reported that the MITRE CVE Program entry for CVE-2024-48248 was still empty, and that the first [&#8230;][&#8230;] on March 6, Plugin Vulnerabilities reported that the MITRE CVE Program entry for CVE-2024-48248 was still empty, and that the first [&#8230;]
pluginvulnerabilities.com
rss
forum
news
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Ajit Jasrotia2025-03-20
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup &#38; Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to read files [&#8230;] The post CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
allhackernews.com
rss
forum
news

Social Media

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup &amp; Replication (CVE-2024-48248) #NAKIVOBackup #SecurityAgreement #ArbitraryFileRead #UnauthenticatedAccessVulnerability #BackupSolutions https://t.co/5iORO45x1X
0
0
3
#ThreatProtection #CVE-2024-48248 - #NAKIVO Backup and Replication absolute path traversal #vulnerability, read more about Symantec's protection: https://t.co/2gohR5FAUZ
0
0
1
CISA has warned U.S. federal agencies about active exploitation of a high-severity vulnerability (CVE-2024-48248) in NAKIVO’s Backup &amp; Replication software. This path traversal flaw allows unauthenticated attackers to read arbitrary files. . #CISA #CyberSecurity #NAKIVO https://t.co/V5VMPMxBb7
0
0
1
NAKIVO Backup &amp; Replication vulnerability exploited by attackers (CVE-2024-48248) - Help Net Security https://t.co/snkVaBjoAm
0
1
0
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-48248 #NAKIVO Backup and Replication Absolute Path Traversal #Vulnerability https://t.co/dv4AebXVC5
0
0
0
🚨 Threat Alert: NAKIVO Backup &amp; Replication Vulnerability Exploitation (CVE-2024-48248) 📅 Date: 2025-03-21 📆 Timeline: Vulnerability disclosed on September 13, 2024 and patched on November 4, 2024. 📌 Attribution: watchTowr Labs 📝 Summary: A vulnerability (CVE-2024-48248) in
1
0
0
💀 CISA just flagged this backup flaw as actively exploited! CVE-2024-48248 | Unauthenticated file read in NAKIVO Backup &amp; Replication exposes sensitive data &amp; credentials. 🔹 Exploit already public 🔹 Update before it’s too late https://t.co/ku4z7Ep1So
0
0
0
CISA has added CVE-2024-48248, a high-severity absolute path traversal vulnerability in NAKIVO Backup &amp; Replication (CVSS 8.6), to its KEV catalog due to active exploitation. https://t.co/lRFTw7rPHn
0
0
0
NAKIVO Backup &amp; Replication vulnerability exploited by attackers (CVE-2024-48248) https://t.co/0aJteBgsQa A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes a…
0
0
0
NAKIVO Backup &amp; Replication vulnerability exploited by attackers (CVE-2024-48248) - https://t.co/KbcVXU8viR - @Nakivo @CISACyber @watchtowrcyber #MSP #SMBs #Enterprise #Backup #Vulnerability #PoC #CyberSecurity #InfoSecurity #CISO #ITsecurity #CyberSecurityNews #SecurityNews
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
134C704F-9B21-4F2E-91B3-4A467353BCC0https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com
[email protected]https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm
[email protected]https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
GITHUBhttps://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
134C704F-9B21-4F2E-91B3-4A467353BCC0https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com
[email protected]https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm
[email protected]https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

CWE Details

CWE IDCWE NameDescription
CWE-36Absolute Path TraversalThe software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence