CVERadar

CVE-2024-48248

Critical Severity
SVRS: 80/100
CVSSv3: 8.6/10
EPSS: 0.91014/1

CVE-2024-48248 is a critical vulnerability in NAKIVO Backup & Replication before version 11.0.0.88174. It allows an attacker to read arbitrary files on the system through absolute path traversal in the getImageByPath function. Because PhysicalDiscovery exposes credentials in cleartext, successful exploitation can lead to remote code execution across the enterprise.

Given the SOCRadar Vulnerability Risk Score (SVRS) of 80, this CVE requires immediate attention and remediation. The vulnerability is tagged as "In The Wild" and "Exploit Available," signifying active exploitation attempts. The presence of cleartext credentials exacerbates the risk, potentially granting attackers complete control over affected systems. The combination of a high CVSS score (8.6) and a critical SVRS score indicates a significant threat to organizations running vulnerable NAKIVO Backup & Replication versions.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2025-03-04

2025-03-25

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
Link: https://www.cisa.gov/search?g=CVE-2024-48248
Date: 2025-03-19

Title: watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248
Link: https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248
Date: 2025-01-28

News

SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln;
Dr. Johannes B. Ullrich, 2025-02-27
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attacker Use of Ephemeral Ports: Attackers often use ephemeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.
sans.edu
Daily summary - 26.02.2025
CERT.at, 2025-04-01
End-of-day report. Timeframe: Tuesday 25-02-2025 18:00 - Wednesday 26-02-2025 18:00. Handler: Michael Schlagenhaufer. Co-Handler: Alexander Riepl. News: Data-breach search site Have I Been Pwned expanded by 284 million accounts. Email addresses and passwords captured by infostealer malware were shared in the Telegram channel ALIEN TXTBASE. This data is now integrated into HIBP. https://www.heise.de/news/Datenleck-Such-Website-Have-I-Been-Pwned-um-284-Millionen-Accounts-aufgestockt-10296120.html
24th March – Threat Intelligence Report - Check Point Research
2025-03-24
For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by a Qilin ransomware attack, forcing employees offline and delaying trials, while Strafford County, Pelham School District, and Derby Police Department also reported service disruptions which were not claimed by any specific threat actor. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Qilin
google.com
The Good, the Bad and the Ugly in Cybersecurity – Week 12
SentinelOne, 2025-03-21
Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets. The Good | CISA Updates Its KEV Catalog, Reminding Users to Prioritize Patch Management: CISA has added three newly exploited vulnerabilities to its KEV catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
sentinelone.com
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
Zeljka Zorz, 2025-03-21
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog on Wednesday, but it's yet unknown whether the flaw is being leveraged by ransomware attackers, who often try to delete existing backups to make it more … https://www.helpnetsecurity.com/2025/03/21/nakivo-backup-replication-vulnerability-exploited-by-attackers-cve-2024-48248/
helpnetsecurity.com
Comment on "CVE Rule Allows MITRE to Hide When They Are Failing to Provide Timely Information on Vulnerabilities" by "CISA Warns of Exploited Nakivo Vulnerability - Source: www.securityweek.com - CISO2CISO.COM & CYBER SECURITY GROUP"
CISA Warns of Exploited Nakivo Vulnerability - Source: www.securityweek.com - CISO2CISO.COM & CYBER SECURITY GROUP, 2025-03-20
[…] on March 6, Plugin Vulnerabilities reported that the MITRE CVE Program entry for CVE-2024-48248 was still empty, and that the first […]
pluginvulnerabilities.com
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Ajit Jasrotia, 2025-03-20
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to read files […]
allhackernews.com

Social Media

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248) #NAKIVOBackup #SecurityAgreement #ArbitraryFileRead #UnauthenticatedAccessVulnerability #BackupSolutions https://t.co/5iORO45x1X

#ThreatProtection #CVE-2024-48248 - #NAKIVO Backup and Replication absolute path traversal #vulnerability, read more about Symantec's protection: https://t.co/2gohR5FAUZ

CISA has warned U.S. federal agencies about active exploitation of a high-severity vulnerability (CVE-2024-48248) in NAKIVO's Backup & Replication software. This path traversal flaw allows unauthenticated attackers to read arbitrary files. #CISA #CyberSecurity #NAKIVO https://t.co/V5VMPMxBb7

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - Help Net Security https://t.co/snkVaBjoAm

Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-48248 #NAKIVO Backup and Replication Absolute Path Traversal #Vulnerability https://t.co/dv4AebXVC5

🚨 Threat Alert: NAKIVO Backup & Replication Vulnerability Exploitation (CVE-2024-48248) 📅 Date: 2025-03-21 📆 Timeline: Vulnerability disclosed on September 13, 2024 and patched on November 4, 2024. 📌 Attribution: watchTowr Labs 📝 Summary: A vulnerability (CVE-2024-48248) in

💀 CISA just flagged this backup flaw as actively exploited! CVE-2024-48248 | Unauthenticated file read in NAKIVO Backup & Replication exposes sensitive data & credentials. 🔹 Exploit already public 🔹 Update before it's too late https://t.co/ku4z7Ep1So

CISA has added CVE-2024-48248, a high-severity absolute path traversal vulnerability in NAKIVO Backup & Replication (CVSS 8.6), to its KEV catalog due to active exploitation. https://t.co/lRFTw7rPHn

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) https://t.co/0aJteBgsQa A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes a…

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - https://t.co/KbcVXU8viR - @Nakivo @CISACyber @watchtowrcyber #MSP #SMBs #Enterprise #Backup #Vulnerability #PoC #CyberSecurity #InfoSecurity #CISO #ITsecurity #CyberSecurityNews #SecurityNews

Affected Software

No affected software found for this CVE

References

Source: 134C704F-9B21-4F2E-91B3-4A467353BCC0
Link: https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248/?ref=labs.watchtowr.com

Source: [email protected]
Link: https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm

Source: [email protected]
Link: https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

Source: GITHUB
Link: https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/

CWE Details

CWE-36: Absolute Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.
