CISA Tags NAKIVO Backup Flaw as Actively Exploited in Attacks
Summary:
In November, 2024, NAKIVO patched a path traversal flaw in its backup & replication software, which could allow unauthenticated actors to read arbitrary files on vulnerable devices. Tracked as CVE-2024-48248, successful exploitation of the flaw could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises. While NAKIVO did not mark CVE-2024-48248 as actively exploited in its initial advisory, CISA recently added the flaw to its Known Exploited Vulnerabilities catalog, providing federal agencies three weeks to apply the updates released by NAKIVO, to secure their systems against potential attacks.
Security Officer Comments:
The exploitation of CVE-2024-48248 could have far-reaching consequences, given that it specially targets software that is used by organizations worldwide to securely store and backup their sensitive data. Backup systems are commonly targeted by ransomware actors, who aim to manipulate or destroy backups to ensure their ransom demands are met. This vulnerability could allow attackers unauthorized access to sensitive files, including backup data and credentials, thereby rendering recovery efforts useless and increasing the severity of the attack. Although CISA add the flaw in its Known Exploited Vulnerabilities catalog, the agency did not release the technical details of these intrusions. However, WatchTowr released of a proof of concept for CVE-2024-48248 in February 2025, which heightens the potential for rapid exploitation, making it essential for organizations to address the vulnerability promptly.
Suggested Corrections:
The CVE-2024-48248 vulnerability is fixed in NAKIVO Backup & Replication v11.0.0.88174.
To mitigate this vulnerability, we strongly recommend taking the following actions:
Upgrade to a Secure Version
Download and upgrade to NAKIVO Backup & Replication version 11.0.0.88174 or later.
https://www.bleepingcomputer.com/ne...backup-flaw-as-actively-exploited-in-attacks/
In November, 2024, NAKIVO patched a path traversal flaw in its backup & replication software, which could allow unauthenticated actors to read arbitrary files on vulnerable devices. Tracked as CVE-2024-48248, successful exploitation of the flaw could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises. While NAKIVO did not mark CVE-2024-48248 as actively exploited in its initial advisory, CISA recently added the flaw to its Known Exploited Vulnerabilities catalog, providing federal agencies three weeks to apply the updates released by NAKIVO, to secure their systems against potential attacks.
Security Officer Comments:
The exploitation of CVE-2024-48248 could have far-reaching consequences, given that it specially targets software that is used by organizations worldwide to securely store and backup their sensitive data. Backup systems are commonly targeted by ransomware actors, who aim to manipulate or destroy backups to ensure their ransom demands are met. This vulnerability could allow attackers unauthorized access to sensitive files, including backup data and credentials, thereby rendering recovery efforts useless and increasing the severity of the attack. Although CISA add the flaw in its Known Exploited Vulnerabilities catalog, the agency did not release the technical details of these intrusions. However, WatchTowr released of a proof of concept for CVE-2024-48248 in February 2025, which heightens the potential for rapid exploitation, making it essential for organizations to address the vulnerability promptly.
Suggested Corrections:
The CVE-2024-48248 vulnerability is fixed in NAKIVO Backup & Replication v11.0.0.88174.
To mitigate this vulnerability, we strongly recommend taking the following actions:
Upgrade to a Secure Version
Download and upgrade to NAKIVO Backup & Replication version 11.0.0.88174 or later.
Additional Suggested Corrections Steps​
- Review Access Logs:
- Check system logs for unusual or unauthorized access attempts that may indicate exploitation.
- Pay attention to unexpected file access activities.
- Enhance Network Security:
- Implement network segmentation to limit exposure of backup systems to untrusted networks.
- Apply firewall rules to restrict access to trusted users only.
- Use strong authentication mechanisms to secure backup systems.
- Follow security best practices to minimize future risks.
https://www.bleepingcomputer.com/ne...backup-flaw-as-actively-exploited-in-attacks/