🔴 CVE-2024-48248

NAKIVO Backup & Replication Director contains an absolute path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files and potentially achieve remote code execution. The vulnerability is actively being exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities catalog.

Risk Level: HIGH_RISK
CVSS Score: 8.6
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-03-04

Added to CISA KEV: 2025-03-19 (15 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-48248 is a critical security vulnerability affecting NAKIVO Backup & Replication. Below is a summary of the known details regarding this flaw.

Overview and Impact
CVE-2024-48248 is an unauthenticated arbitrary file read vulnerability [2]. It stems from a path traversal flaw in the NAKIVO Backup & Replication Director, specifically within the `getImageByPath` function when accessing `/c/router` [1].
  • Impact: Successful exploitation allows an attacker to read arbitrary files on the system [1]. This is particularly dangerous because it can lead to the exposure of sensitive configuration files and cleartext credentials, potentially enabling remote code execution (RCE) across the enterprise [1] [4].
Exploitation and Threat Landscape
  • Active Exploitation: This vulnerability is confirmed to be under active exploitation in the wild [4]. It has been officially added to the CISA Known Exploited Vulnerabilities (KEV) catalog [1] [4].
  • Attack Requirements: The vulnerability is exploitable remotely (network-based) and does not require authentication or user interaction to execute [2].
  • Exploit Availability: Proof-of-concept (PoC) information and known exploits exist, and the vulnerability is considered to have a high risk of being leveraged by attackers to gain unauthorized access [3].
Affected Versions and Mitigation
  • Affected Versions: NAKIVO Backup & Replication versions prior to 11.0.0.88174 are affected [1].
  • Patch Status: The vulnerability was addressed in version 11.0.0.88174 [1]. Organizations using affected versions are strongly advised to update to the patched release immediately to mitigate the risk of compromise.
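A defender-side check built from the two facts the summary gives (the `/c/router` endpoint with `getImageByPath`, and the 11.0.0.88174 fix boundary), added here as an example that is not part of this page or of NAKIVO's software: it compares an installed Director version against the fixed build, and flags request-log lines where that method is called with an absolute path rather than the relative path routine use would carry. The log line format and the JSON key names in the sample lines are assumptions.

```python
import re
from typing import Dict, List, Optional

# First fixed Director build named on the page; anything older is affected.
FIXED_VERSION = "11.0.0.88174"
ROUTER_PATH = "/c/router"       # endpoint named on the page
METHOD_NAME = "getImageByPath"  # function named on the page

def _version_tuple(v: str) -> tuple:
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad "11.0.1" to four fields

def is_affected(installed: str) -> bool:
    """True when the installed Director build predates the fixed release."""
    return _version_tuple(installed) < _version_tuple(FIXED_VERSION)

# Constructed log format (assumed, not NAKIVO's): <client> "<METHOD> <path> HTTP/1.1" <status> body=<json>
LINE_RE = re.compile(r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) body=(?P<body>.*)$')

# Absolute POSIX paths or Windows drive paths (plain or JSON-escaped) inside the request body.
# A relative path is routine use; an absolute one is the pattern the page describes.
PATH_RE = re.compile(
    r'["\s=,\[]('
    r'(?:/[^\s"\'/\\]+)+'         # /etc/passwd
    r'|[A-Za-z]:\\\\?[^\s"\']+'   # C:\Windows\win.ini or C:\\Windows\\win.ini
    r')'
)

def flag_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for a /c/router getImageByPath call carrying an absolute path, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("path").split("?", 1)[0] != ROUTER_PATH:
        return None
    body = m.group("body")
    if METHOD_NAME not in body:
        return None
    paths = PATH_RE.findall(body)
    return {"client": m.group("client"), "status": m.group("status"), "paths": paths} if paths else None

def scan(lines: List[str]) -> List[Dict[str, object]]:
    return [hit for hit in map(flag_line, lines) if hit is not None]

# Constructed sample lines; the JSON key names are assumed, not NAKIVO's.
SAMPLE_LOG = [
    '10.0.0.5 "POST /c/router HTTP/1.1" 200 body={"method":"getImageByPath","data":["images/logo.png"]}',
    '203.0.113.9 "POST /c/router HTTP/1.1" 200 body={"method":"getImageByPath","data":["/etc/passwd"]}',
    '203.0.113.9 "POST /c/router HTTP/1.1" 200 body={"method":"getImageByPath","data":["C:\\\\Windows\\\\win.ini"]}',
    '10.0.0.7 "GET /c/login HTTP/1.1" 200 body=',
]
```

Running `scan(SAMPLE_LOG)` returns the two 203.0.113.9 entries and nothing for the relative-path call or the unrelated login request.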

Sources

  1. CVE-2024-48248 Detail - NVD

    CVE-2024-48248 Detail · Description · Metrics · References to Advisories, Solutions, and Tools · This CVE is in CISA's Known Exploited Vulnerabilities Catalog. ... CVE-2024-48248 Detail. Description. NAKIVO Backup & Replicat…

  2. NAKIVO Backup & Replication (CVE-2024-48248) - watchTowr Labs

    We're here to talk about an unauthenticated Arbitrary File Read vulnerability we discovered in NAKIVO's Backup and Replication solution.

  3. CVE-2024-48248 | High Vulnerability in Nakivo Backup & Replication

    The vulnerability has been confirmed to have a known exploit, meaning that attackers may leverage this weakness to gain unauthorized access and ... Risk & Impact Analysis The real-world deployment risk associated with CVE-2024-48248 is significant. Organizations that utilize Nakivo Backup & Replicat…

  4. CVE-2024-48248: NAKIVO Backup Path Traversal Vulnerability - SentinelOne

    CVE-2024-48248 is a path traversal flaw in NAKIVO Backup & Replication Director allowing attackers to read arbitrary files, potentially leading to remote code execution. This article covers technical details, impact, and mitigation. Published: April 15, 2026 ... This vulnerability has been added to…