CVERadar

CVE-2024-48248

Critical Severity
SVRS
79/100

CVSSv3
8.6/10

EPSS
0.9345/1

CVE-2024-48248: A critical path traversal vulnerability affects NAKIVO Backup & Replication. This flaw allows attackers to read arbitrary files using absolute path traversal, potentially exposing sensitive data and enabling remote code execution.

CVE-2024-48248 in NAKIVO Backup & Replication before version 11.0.0.88174 enables unauthorized file access through the getImageByPath function in the /c/router endpoint. The SVRS score of 79 indicates a high-risk vulnerability requiring prompt attention. This is because the vulnerability can expose cleartext credentials leading to complete compromise of the enterprise. With exploits actively circulating and identified as "In The Wild", immediate patching is crucial to mitigate potential attacks. The vulnerability is further highlighted by inclusion in the CISA KEV catalog. Successful exploitation could grant attackers significant control over the backup and replication environment and the assets it protects.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2025-03-04

2025-03-25
SOCRadar AI Insight

Description

CVE-2024-48248 is a critical vulnerability affecting NAKIVO Backup & Replication versions prior to 11.0.0.88174. It involves an absolute path traversal vulnerability through the getImageByPath function in the /c/router endpoint, potentially allowing unauthorized reading of arbitrary files on the system. Given the SVRS score of 82, this vulnerability is considered critical and necessitates immediate attention. The description specifies this vulnerability "may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials". The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Key Insights

  • Remote Code Execution Risk: The vulnerability can expose cleartext credentials within the PhysicalDiscovery functionality, potentially leading to remote code execution across the entire enterprise network. The ability to read arbitrary files via path traversal amplifies the risk.
  • Actively Exploited: The vulnerability is actively exploited by hackers "In The Wild," increasing the urgency for patching and mitigation.
  • CISA KEV Designation: The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, indicating it poses a significant risk to federal agencies and encouraging all organizations to prioritize remediation.
  • Exploit Availability: Public exploits for this vulnerability have been published.

Mitigation Strategies

  1. Immediate Patching: Upgrade NAKIVO Backup & Replication to version 11.0.0.88174 or later to remediate the vulnerability. This is the most critical step to prevent exploitation.
  2. Credential Rotation: If an upgrade is not immediately feasible, rotate all credentials potentially exposed by the PhysicalDiscovery functionality, especially those used by NAKIVO Backup & Replication.
  3. Network Segmentation: Implement network segmentation to limit the potential impact of a successful exploit. Restrict access to sensitive systems and data from the NAKIVO Backup & Replication server.
  4. Web Application Firewall (WAF) Rules: Deploy or update WAF rules to detect and block path traversal attempts targeting the /c/router endpoint. Consider input validation to prevent malicious requests.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248 | https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248 | 2025-01-28
NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | https://www.cisa.gov/search?g=CVE-2024-48248 | 2025-03-19

News

24th March – Threat Intelligence Report (checkpoint.com, lorenf, 2025-05-01)
For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by a Qilin ransomware attack, forcing employees offline and delaying trials, while [...]

CISA Adds Three Known Exploited Vulnerabilities to Catalog (us-cert.gov, CISA, 2025-05-01)
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Data Breaches Digest - Week 12 2025 (dbdigest.com, Dunkie ([email protected]), 2025-05-01)
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 17th March and 23rd March 2025.

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln (sans.edu, Dr. Johannes B. Ullrich, 2025-02-27)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ephemeral ports: attackers often use ephemeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.

Tageszusammenfassung (Daily Summary) - 26.02.2025 (CERT.at, 2025-04-01)
End-of-day report. Timeframe: Tuesday 25-02-2025 18:00 - Wednesday 26-02-2025 18:00. Handler: Michael Schlagenhaufer. Co-Handler: Alexander Riepl. News: Data-leak search site Have I Been Pwned expanded by 284 million accounts. Email addresses and passwords harvested by infostealer malware were shared in the Telegram channel ALIEN TXTBASE; this data is now integrated into HIBP. https://www.heise.de/news/Datenleck-Such-Website-Have-I-Been-Pwned-um-284-Millionen-Accounts-aufgestockt-10296120.html

24th March – Threat Intelligence Report - Check Point Research (google.com, 2025-03-24)
For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by a Qilin ransomware attack, forcing employees offline and delaying trials, while Strafford County, Pelham School District, and Derby Police Department also reported service disruptions which were not claimed by any specific threat actor. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Qilin

The Good, the Bad and the Ugly in Cybersecurity – Week 12 (sentinelone.com, SentinelOne, 2025-03-21)
Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets. The Good | CISA Updates Its KEV Catalog, Reminding Users to Prioritize Patch Management: CISA has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities catalog.

Social Media

  • The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248) #NAKIVOBackup #SecurityAgreement #ArbitraryFileRead #UnauthenticatedAccessVulnerability #BackupSolutions https://t.co/5iORO45x1X
  • #ThreatProtection #CVE-2024-48248 - #NAKIVO Backup and Replication absolute path traversal #vulnerability, read more about Symantec's protection: https://t.co/2gohR5FAUZ
  • CISA has warned U.S. federal agencies about active exploitation of a high-severity vulnerability (CVE-2024-48248) in NAKIVO’s Backup & Replication software. This path traversal flaw allows unauthenticated attackers to read arbitrary files. #CISA #CyberSecurity #NAKIVO https://t.co/V5VMPMxBb7
  • NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - Help Net Security https://t.co/snkVaBjoAm
  • Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-48248 #NAKIVO Backup and Replication Absolute Path Traversal #Vulnerability https://t.co/dv4AebXVC5
  • 🚨 Threat Alert: NAKIVO Backup & Replication Vulnerability Exploitation (CVE-2024-48248) 📅 Date: 2025-03-21 📆 Timeline: Vulnerability disclosed on September 13, 2024 and patched on November 4, 2024. 📌 Attribution: watchTowr Labs 📝 Summary: A vulnerability (CVE-2024-48248) in
  • 💀 CISA just flagged this backup flaw as actively exploited! CVE-2024-48248 | Unauthenticated file read in NAKIVO Backup & Replication exposes sensitive data & credentials. 🔹 Exploit already public 🔹 Update before it’s too late https://t.co/ku4z7Ep1So
  • CISA has added CVE-2024-48248, a high-severity absolute path traversal vulnerability in NAKIVO Backup & Replication (CVSS 8.6), to its KEV catalog due to active exploitation. https://t.co/lRFTw7rPHn
  • NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) https://t.co/0aJteBgsQa A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes a…
  • NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - https://t.co/KbcVXU8viR - @Nakivo @CISACyber @watchtowrcyber #MSP #SMBs #Enterprise #Backup #Vulnerability #PoC #CyberSecurity #InfoSecurity #CISO #ITsecurity #CyberSecurityNews #SecurityNews

Affected Software

No affected software found for this CVE

References

Reference | Link
134C704F-9B21-4F2E-91B3-4A467353BCC0 | https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com
[email protected] | https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm
[email protected] | https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
GITHUB | https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

CWE Details

CWE ID | CWE Name | Description
CWE-36 | Absolute Path Traversal | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.
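The CWE-36 pattern in Python, as an added example that is not NAKIVO's code or the published PoC: a join that silently drops the restricted base when the input is absolute, beside a hardened check that resolves the joined path and requires it to stay under the base. IMAGE_ROOT and the function names are assumptions; the hardened check goes slightly beyond the CWE text by also rejecting ../ escapes.

```python
import os
from pathlib import Path

# Constructed restricted directory for the example; not NAKIVO's real layout.
IMAGE_ROOT = Path("/opt/app/images")


def vulnerable_image_path(user_path: str) -> str:
    """CWE-36 pattern: os.path.join discards the base when the input is
    absolute, so "/etc/passwd" comes back unchanged."""
    return os.path.join(str(IMAGE_ROOT), user_path)


def safe_image_path(user_path: str, root: Path = IMAGE_ROOT) -> Path:
    """Hardened form: refuse absolute input, resolve the joined path and
    require the result to stay inside root (catches ../ and symlink escapes)."""
    # Absolute input is never legitimate for a restricted-directory lookup;
    # the "\\" and "//" prefixes are defence in depth for Windows-style input.
    if os.path.isabs(user_path) or user_path.startswith(("\\", "//")):
        raise ValueError("absolute path rejected")
    root_resolved = root.resolve(strict=False)
    candidate = (root_resolved / user_path).resolve(strict=False)
    # Containment is checked after resolution, not on the raw string.
    if candidate != root_resolved and root_resolved not in candidate.parents:
        raise ValueError("path escapes restricted directory")
    return candidate


def is_traversal_attempt(user_path: str) -> bool:
    """Classifier for request logging or WAF-style checks: True when the
    supplied path would be rejected by safe_image_path."""
    try:
        safe_image_path(user_path)
    except ValueError:
        return True
    return False
```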
