A critical vulnerability, CVE-2024-48248, in Nakivo Backup & Replication allows unauthenticated arbitrary file reads, potentially leading to sensitive data exposure. Despite the severity, Nakivo was initially unresponsive and later resolved the issue silently, compromising transparency. The lack of a public advisory continued to leave many systems at risk. Discovered by watchTowr Labs, this flaw affects numerous versions and has been found in over 200 instances globally, with significant concentrations in France and the United States. The vulnerability gives attackers access to crucial system files and backup data, posing a high risk of data breach and infrastructure compromise.
Source: https://cybersecuritynews.com/nakivo-backup-replication-tool-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/nakivo
{
  "id": "nak408030225",
  "linkid": "nakivo",
  "type": "Vulnerability",
  "date": "2/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'location': ['France', 'United States'],
                        'name': 'Nakivo',
                        'type': 'Software Company'}],
 'attack_vector': 'Unauthenticated Arbitrary File Reads',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['System files', 'Backup data']},
 'description': 'A critical vulnerability identified as CVE-2024-48248 in '
                'Nakivo Backup & Replication allows for unauthenticated '
                'arbitrary file reads, potentially leading to sensitive data '
                'exposure. Despite the severity, Nakivo was initially '
                'unresponsive and later resolved the issue silently, '
                'compromising transparency. The lack of a public advisory '
                'continued to leave many systems at risk. Discovered by '
                'watchTowr Labs, this flaw affects numerous versions and has '
                'been found in over 200 instances globally, with significant '
                'concentrations in France and the United States. The '
                'vulnerability provides attackers access to crucial system '
                'files and backup data, posing a high risk of data breach and '
                'infrastructure compromise.',
 'impact': {'data_compromised': ['System files', 'Backup data'],
            'systems_affected': 'Nakivo Backup & Replication'},
 'references': [{'source': 'watchTowr Labs'}],
 'title': 'CVE-2024-48248 Vulnerability in Nakivo Backup & Replication',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2024-48248'}