Security News > 2025 > March > NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
2025-03-21 11:31
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog on Wednesday, but it’s yet unknown whether the flaw is being leveraged by ransomware attackers, who often try to delete existing backups to make it more … More → The post NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) appeared first on Help Net Security.
News URL
Related news
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-04 | CVE-2024-48248 | Unspecified vulnerability in Nakivo Backup & Replication Director 9.4.0.R43656 NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials). | 8.6 |