
CVE-2024-48248: High-Severity NAKIVO Flaw Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a significant security flaw affecting NAKIVO Backup & Replication software, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild.

The vulnerability, tracked as CVE-2024-48248 with a CVSS severity score of 8.6, is an absolute path traversal flaw that allows unauthorized attackers to access and read sensitive files on affected systems. Exploiting this flaw enables malicious actors to retrieve critical system files such as /etc/shadow through the /c/router endpoint. The issue affects all versions of NAKIVO Backup & Replication prior to version 10.11.3.86570.
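The flaw class named above, absolute path traversal, arises when a caller-supplied path is joined onto a base directory and the result is never checked. The following Python snippet is an added illustration for this article, not NAKIVO's code and not the watchTowr proof of concept: it places the unsafe join beside a hardened resolver and runs both over a few constructed request paths. The base directory, the sample paths and the function names are all assumptions made for the demonstration.

```python
import posixpath

# Constructed base directory for the demonstration (assumption: the service is
# only meant to serve files that live underneath this directory).
BASE_DIR = "/srv/app/public"


def resolve_unsafe(base: str, user_path: str) -> str:
    """Vulnerable pattern (absolute path traversal).

    posixpath.join discards every earlier component as soon as a later one is
    absolute, so a caller-supplied "/etc/shadow" silently replaces the base.
    Relative "../" sequences slip through as well, because nothing checks
    where the normalized result ends up.
    """
    return posixpath.normpath(posixpath.join(base, user_path))


def resolve_safe(base: str, user_path: str):
    """Hardened resolver: returns the path to open, or None if it must be refused.

    1. The base must be absolute and is normalized once.
    2. Absolute caller paths are refused outright; a file-serving endpoint
       should only ever accept paths relative to its base.
    3. After joining and normalizing, the result must be the base itself or a
       descendant of it. The trailing "/" in the check stops a sibling such as
       "/srv/app/public2" from passing a bare startswith() test.
    """
    if not posixpath.isabs(base):
        raise ValueError("base directory must be absolute")
    base_norm = posixpath.normpath(base)
    if posixpath.isabs(user_path):
        return None
    candidate = posixpath.normpath(posixpath.join(base_norm, user_path))
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        return None
    return candidate


# Constructed request paths: two benign, one empty, three that leave the base.
SAMPLE_PATHS = [
    "images/logo.png",
    "images/../index.html",
    "",
    "/etc/shadow",
    "../../../etc/shadow",
    "../public2/secret.txt",  # sibling directory sharing a name prefix
]


def compare_resolvers(base=BASE_DIR, paths=SAMPLE_PATHS):
    """Run both resolvers over the sample inputs; returns {path: (unsafe, safe)}."""
    return {p: (resolve_unsafe(base, p), resolve_safe(base, p)) for p in paths}


if __name__ == "__main__":
    for p, (unsafe, safe) in compare_resolvers().items():
        print(f"{p!r:26} unsafe -> {unsafe:30} safe -> {safe}")
```

The unsafe resolver maps both "/etc/shadow" and "../../../etc/shadow" to the real "/etc/shadow"; the hardened one refuses both, refuses the sibling-directory case, and still serves the two benign paths. Percent-encoded or null-byte variants must be decoded and rejected before the path reaches this check, since it only sees the final string.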

Potential Impact and Exploitation of CVE-2024-48248

If successfully exploited, this vulnerability allows attackers to access configuration files, backups, and stored credentials. According to cybersecurity firm watchTowr Labs, a proof-of-concept (PoC) exploit was publicly released at the end of last month, increasing the risk of widespread attacks. The vulnerability was officially patched in version v11.0.0.88174 in November 2024.
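The version boundary stated above is what a defender needs for triage: every build before 10.11.3.86570 is reported as affected. The snippet below is an added example written for this article, not a NAKIVO or CISA tool; it parses build strings such as "v11.0.0.88174" into comparable tuples and sorts a constructed host inventory into affected, patched and unknown. The threshold is taken from the text and should be confirmed against the vendor advisory; the host names and versions are invented for the demonstration.

```python
import re
from typing import Dict, Tuple

# Threshold taken from the article: every NAKIVO Backup & Replication build
# before 10.11.3.86570 is reported as affected. Confirm against the vendor
# advisory before acting on the result (assumption: the article's figure).
FIRST_FIXED_VERSION = "10.11.3.86570"

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v11.0.0.88174' or '10.11.3.86570' into a comparable integer tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str, fixed: str = FIRST_FIXED_VERSION) -> bool:
    """True when the build predates the first fixed build.

    Tuples compare element by element, so 10.11.2.99999 < 10.11.3.86570 and
    11.0.0.88174 > 10.11.3.86570, which is the ordering a build number needs.
    A string with fewer components (e.g. '10.11.3') sorts below the fully
    qualified fixed build and is therefore reported as affected; treat that
    verdict as "needs a closer look" rather than as definitive.
    """
    return parse_version(version) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'affected' | 'patched' | 'unknown' for a {host: version} dict."""
    verdicts = {}
    for host, version in inventory.items():
        try:
            verdicts[host] = "affected" if is_affected(version) else "patched"
        except ValueError:
            verdicts[host] = "unknown"
    return verdicts


# Constructed inventory; host names and version strings are illustrative only.
SAMPLE_INVENTORY = {
    "backup-01.example.internal": "10.11.2.85900",
    "backup-02.example.internal": "10.11.3.86570",
    "backup-03.example.internal": "v11.0.0.88174",
    "backup-04.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:16} {verdict}")
```

Hosts whose version cannot be parsed land in the "unknown" bucket instead of being silently dropped, so an incomplete inventory still surfaces the systems that need a manual check.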

Researchers have highlighted that attackers could exploit the flaw to extract credentials stored in the database product01.h2.db, potentially compromising entire backup environments. This makes it a stepping stone for deeper infiltrations and system takeovers.

Additional Vulnerabilities Added to the KEV Catalog

Alongside the NAKIVO vulnerability, CISA has also flagged two additional security flaws:

  • CVE-2025-1316 (CVSS 9.3) – A critical OS command injection vulnerability in the Edimax IC-7100 IP camera, allowing attackers to execute arbitrary commands. This issue remains unpatched as the device has reached end-of-life.
  • CVE-2017-12637 (CVSS 7.5) – A directory traversal vulnerability in SAP NetWeaver Application Server (AS) Java, which can be exploited to read arbitrary files through manipulated query strings.

Cybersecurity firm Akamai has reported that CVE-2025-1316 has been actively exploited by attackers since May 2024. Hackers have been leveraging default credentials to compromise Edimax cameras and integrate them into Mirai botnet variants.

In response to these threats, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies implement the necessary security patches by April 9, 2025, to mitigate risks and protect their networks from exploitation.

Milena Dimitrova