NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
A vulnerability (CVE-2024-48248) in NAKIVO Backup & Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and for managed service providers (MSPs), is being actively exploited.
The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog on Wednesday, but it is not yet known whether the flaw is being leveraged by ransomware attackers, who often try to delete existing backups to make it more likely that victim organizations will pay a ransom.
About CVE-2024-48248
CVE-2024-48248 is an absolute path traversal vulnerability: the application accepts a client-supplied absolute path and reads it without confining it to the directory it was meant to serve from, which allows remote, unauthenticated attackers to read arbitrary files on the affected system.
“Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises,” the company says.
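The following is an added illustration of the bug class described above, not NAKIVO's code or watchTowr's proof of concept: a file-serving handler that trusts a client-supplied path beside a hardened version that confines every lookup to its base directory. The handler names, the directory layout and the files are all constructed here. It also covers the classic "../" variant, since the same containment check defeats both.

```python
"""Absolute path traversal, illustrated on a file-serving handler.

Added illustration of the bug class, not NAKIVO's code: the handler names,
the directory layout and the files are all constructed here.
"""
import os
import tempfile


def read_file_vulnerable(base_dir: str, requested: str) -> bytes:
    """Serve base_dir/<requested>. BUG: os.path.join() discards base_dir when
    `requested` is absolute, so "/etc/passwd" is read as "/etc/passwd", and
    "../x" still walks out of base_dir because nothing is checked."""
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir: str, requested: str) -> bytes:
    """Same API, but the resolved path must stay inside base_dir."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(requested):
        # Never let the client choose the root of the lookup.
        raise PermissionError("absolute paths are not accepted")
    # Resolve ".." and symlinks first, then check containment on the result.
    path = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, path]) != base:
        raise PermissionError("path escapes the base directory")
    with open(path, "rb") as fh:
        return fh.read()


def _attempt(fn):
    """Return the bytes read, or the exception class name if the read was refused."""
    try:
        return fn()
    except PermissionError as exc:
        return type(exc).__name__


def demo() -> dict:
    """Build a throwaway layout (constructed sample data) and exercise both
    handlers with a legitimate name, an absolute path and a '..' path."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "images")
        os.makedirs(base)
        with open(os.path.join(base, "logo.png"), "wb") as fh:
            fh.write(b"PNG-bytes")
        # A file outside the directory the handler is meant to serve.
        secret = os.path.join(root, "config.properties")
        with open(secret, "wb") as fh:
            fh.write(b"db.password=hunter2")

        return {
            "legit_vulnerable": _attempt(lambda: read_file_vulnerable(base, "logo.png")),
            "legit_hardened": _attempt(lambda: read_file_hardened(base, "logo.png")),
            "absolute_vulnerable": _attempt(lambda: read_file_vulnerable(base, secret)),
            "absolute_hardened": _attempt(lambda: read_file_hardened(base, secret)),
            "dotdot_vulnerable": _attempt(lambda: read_file_vulnerable(base, "../config.properties")),
            "dotdot_hardened": _attempt(lambda: read_file_hardened(base, "../config.properties")),
        }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22} -> {outcome!r}")
```

The point to take from the vulnerable handler is that no "../" is needed: `os.path.join` silently throws away the base when the second argument is absolute, which is exactly what makes a bug "absolute path traversal" rather than the more familiar dot-dot variety. The hardened version rejects absolute input outright and then checks the fully resolved path against the resolved base, so symlinks and "../" are handled by the same test.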
The vulnerability was discovered and reported to NAKIVO by watchTowr researchers in September 2024, and the company patched it in v11.0.0.88174 of the solution without mentioning the fix in the release notes. (The release notes have since been updated to list the fixed flaw.)
Sonny Macdonald of the watchTowr team published a technical write-up about the vulnerability on February 26, 2025, as well as a PoC exploit for it, and expressed the hope that NAKIVO had reached out to customers in November to stress the need for a quick upgrade.
Judging by CISA’s notice, some customers haven’t moved quickly enough and have been compromised.
Update again!
CVE-2024-48248 affects NAKIVO Backup & Replication versions 10.11.3.86570 and earlier. The company advised customers to download and upgrade to NAKIVO Backup & Replication version 11.0.0.88174 or later, and to check system logs for unusual or unauthorized access attempts that may indicate exploitation.
Since then, two more versions have been released. The latest, v11.0.2, contains a fix for another critical vulnerability – an XML External Entity (XXE) flaw discovered in NAKIVO Backup & Replication 11.0.1.89945 – which may also allow attackers to retrieve arbitrary files from the affected system.
“If exploited, this vulnerability could lead to data leakage, unauthorized system access, and the compromise of backup and replication processes, posing a significant security risk,” the company noted, and advised customers to upgrade to version 11.0.2.
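To show how an XXE flaw turns into arbitrary file retrieval, here is an added example that is not NAKIVO's code and says nothing about how its parser is configured: it uses Python's standard xml.sax parser, where fetching external general entities is a feature flag, and contrasts the weak setting with the default and with a stricter configuration that refuses any DOCTYPE. The XML document, the secret file and the handler names are all constructed for the illustration.

```python
"""XXE file retrieval through an XML parser that resolves external general
entities. Added illustration of the bug class, not NAKIVO's parser; the
document, the secret file and the handler names are constructed here."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Gathers character data so we can see what an entity reference expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


class NoDoctypeLexicalHandler:
    """Lexical handler that refuses any DOCTYPE. With no DTD there is nowhere
    to declare an entity, so external entities and expansion bombs are both
    ruled out before the parser ever sees them."""

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE not allowed in this document")

    def endDTD(self):
        pass


def parse_text(xml_bytes: bytes, allow_external_ges: bool, forbid_doctype: bool) -> str:
    """Parse with xml.sax and return the collected text, or the exception class
    name when the hardened configuration rejects the document."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    # Weak setting: let the parser fetch external general entities (local files
    # or URLs). Off by default since Python 3.7.1, but older code and other
    # parsers still enable it, which is what an XXE bug comes down to.
    parser.setFeature(handler.feature_external_ges, allow_external_ges)
    if forbid_doctype:
        parser.setProperty(handler.property_lexical_handler, NoDoctypeLexicalHandler())
    try:
        parser.parse(io.BytesIO(xml_bytes))
    except ValueError as exc:
        return type(exc).__name__
    return collector.text()


def demo() -> dict:
    """Plant a secret file and feed a constructed attacker document to three
    parser configurations. Returns what each configuration let through."""
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "secret.properties")
        with open(secret, "w") as fh:
            fh.write("db.password=hunter2")
        # Constructed payload: an external entity whose SYSTEM id is a local path.
        payload = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE job [<!ENTITY leak SYSTEM "{secret}">]>'
            '<job><name>&leak;</name></job>'
        ).encode()
        return {
            "weak": parse_text(payload, allow_external_ges=True, forbid_doctype=False),
            "default": parse_text(payload, allow_external_ges=False, forbid_doctype=False),
            "no_doctype": parse_text(payload, allow_external_ges=False, forbid_doctype=True),
        }


if __name__ == "__main__":
    for config, outcome in demo().items():
        print(f"{config:11} -> {outcome!r}")
```

In the weak configuration the file's contents come back as ordinary character data inside `<name>`, which is how an attacker reads a file from a server that merely echoes part of the parsed document. Leaving entity resolution off makes the reference expand to nothing; refusing the DOCTYPE altogether is the stricter choice for any endpoint that has no business accepting a DTD from a client.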