CVE-2024-48248

Product version: 11.0.0

Last modified: 06 March 2025

Issue Details

CVE-2025-23114

Severity: Critical

CVSS v3.1 Score: 8.6

Source: Reported by watchTowr via support channel.

This vulnerability allows attackers to read arbitrary files on the affected system without authentication. Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises.

Affected Versions

  • NAKIVO Backup & Replication versions 10.11.3.86570 and earlier.

Solution

The CVE-2024-48248 vulnerability is fixed in NAKIVO Backup & Replication v11.0.0.88174.

To mitigate this vulnerability, we strongly recommend taking the following actions:

Upgrade to a Secure Version

Download and upgrade to NAKIVO Backup & Replication version 11.0.0.88174 or later.
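The following is an added example, not part of the NAKIVO advisory or product: a small inventory triage that classifies installed version strings against the two bounds stated above, comparing the parts as integers so that 10.9 sorts before 10.11. Host names and sample versions are constructed, and the "unlisted" status for builds between the two bounds is an assumption of this example, since the advisory does not classify them.

```python
import re

# Bounds taken from the advisory text.
LAST_AFFECTED = (10, 11, 3, 86570)   # "10.11.3.86570 and earlier"
FIRST_FIXED = (11, 0, 0, 88174)      # "fixed in ... v11.0.0.88174"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'major.minor.patch.build' (optional leading 'v') into a tuple of ints."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not a four-part version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Return 'affected', 'fixed', or 'unlisted' for one installed version."""
    version = parse_version(version_text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # Builds between the two bounds are not classified by the advisory.
    return "unlisted"


def triage(inventory):
    """Map each host to its status; unparseable versions are flagged for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "manual-review"
    return report


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "backup-01": "10.11.3.86570",
    "backup-02": "10.9.0.76010",
    "backup-03": "v11.0.0.88174",
    "backup-04": "11.0.0.88000",
    "backup-05": "11.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "manual-review" should be checked by hand and upgraded to the fixed version or later.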

Additional Mitigation Steps

  1. Review Access Logs:

    • Check system logs for unusual or unauthorized access attempts that may indicate exploitation.

    • Pay attention to unexpected file access activities.

  2. Enhance Network Security:

    • Implement network segmentation to limit exposure of backup systems to untrusted networks.

    • Apply firewall rules to restrict access to trusted users only.

    • Use strong authentication mechanisms to secure backup systems.

    • Follow security best practices to minimize future risks.