Cyber Resilience

CVE-2024-48248

Severity: High
Tags: CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 04 March 2025
Modified: 05 November 2025
KEV Added: 19 March 2025
Patch: available (fixed in 11.0.0.88174)
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.9401 (99.9th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48248 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in NAKIVO Backup & Replication Director. Its CVSS base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.1% of all CVEs by predicted exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

NAKIVO Backup & Replication versions prior to 11.0.0.88174 contain an absolute path traversal flaw in the getImageByPath method exposed through the /c/router endpoint. The handler takes a client-supplied filesystem path and opens it without confining it to an intended base directory, so an attacker can name any file the Director process is able to read. That includes the configuration data in which the Director stores cleartext credentials for PhysicalDiscovery components.

Remote unauthenticated attackers can exploit the traversal over the network to retrieve sensitive files. Because the recovered credentials often belong to discovery services that span multiple systems, successful file reads can enable lateral movement and remote code execution across an enterprise backup environment.

Vendor release notes confirm the defect is resolved in 11.0.0.88174, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog. Public proof-of-concept code and detailed analysis from WatchTowr Labs are also available, underscoring the need for immediate patching.

The EPSS score is 0.94, an estimated 94% probability of exploitation activity within the next 30 days, which places the CVE in the 99.9th percentile and indicates substantial real-world exploitation interest.


Vulnerability details

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).

CWE(s): CWE-36 Absolute Path Traversal
KEV Date Added: 19 March 2025

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1212 Exploitation for Credential Access (Credential Access): Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Unauthenticated path traversal enables arbitrary file read (T1190: Exploit Public-Facing Application), including cleartext credentials in PhysicalDiscovery files (T1552.001: Credentials In Files), facilitating credential access via exploitation (T1212: Exploitation for Credential Access).

CVEs Like This One

CVE-2024-13159 (shared CWE-36; both on KEV)
CVE-2024-13160 (shared CWE-36; both on KEV)
CVE-2024-13161 (shared CWE-36; both on KEV)
CVE-2026-26337 (shared CWE-36)
CVE-2025-57790 (shared CWE-36)
CVE-2026-0846 (shared CWE-36)
CVE-2026-1330 (shared CWE-36)
CVE-2025-34392 (shared CWE-36)
CVE-2026-1018 (shared CWE-36)
CVE-2026-4373 (shared CWE-36)

Affected Assets

Vendor: nakivo
Product: backup & replication director
Versions: < 11.0.0.88174 (all builds before the fixed release; 11.0.0.88174 itself is not affected)

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent)

Requires timely remediation of the path traversal flaw by upgrading NAKIVO Backup & Replication to 11.0.0.88174 or later, which removes the arbitrary file read entirely.

SI-10 Information Input Validation (prevent)

Enforces validation of untrusted input such as the path passed to getImageByPath via /c/router: absolute paths are rejected and every request is resolved against a fixed base directory, which closes the absolute path traversal (CWE-36).

SC-7 Boundary Protection (prevent)

Monitors and controls communications at external boundaries so that requests to the vulnerable /c/router endpoint can be detected and blocked, and keeps the Director's web interface off the public internet wherever possible.
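The SI-10 control above, shown as an added example in Python rather than NAKIVO's own (Java) code: the advisory only states that getImageByPath accepted arbitrary absolute paths, so the image root, the request values and the temporary directory layout here are assumptions. vulnerable_lookup reproduces the CWE-36 failure mode; safe_lookup first refuses absolute forms outright and then resolves the request under a fixed root, which also catches dot-dot traversal (CWE-22) and symlink escapes.

```python
"""Input validation for a path-taking image endpoint (added example).

Not NAKIVO's code. The image root, the request values and the throwaway
file layout are assumed for illustration only.
"""
from pathlib import Path
import tempfile


class PathRejected(ValueError):
    """Raised when a requested path fails validation."""


def vulnerable_lookup(image_root: Path, requested: str) -> bytes:
    # Joining an absolute right-hand operand discards image_root entirely, so
    # a request for "/etc/shadow" reads /etc/shadow: CWE-36 in one line.
    return (image_root / requested).read_bytes()


def resolve_under_root(image_root: Path, requested: str) -> Path:
    """Map a client-supplied relative name onto a file inside image_root, or raise."""
    if not requested or "\x00" in requested or requested != requested.strip():
        raise PathRejected("empty or malformed path")
    # Reject absolute forms explicitly. Path.is_absolute() is platform-specific,
    # so also check a leading separator and a Windows drive letter by hand.
    if (Path(requested).is_absolute()
            or requested[0] in "/\\"
            or (len(requested) > 1 and requested[1] == ":")):
        raise PathRejected("absolute paths are not allowed")
    root = image_root.resolve()
    candidate = (root / requested).resolve()  # collapses '..' and follows symlinks
    if root not in candidate.parents:
        raise PathRejected("path escapes the image root")
    return candidate


def safe_lookup(image_root: Path, requested: str) -> bytes:
    return resolve_under_root(image_root, requested).read_bytes()


def demo() -> dict:
    """Exercise both handlers against a temporary directory tree; return a result map."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "images"
        root.mkdir()
        (root / "logo.png").write_bytes(b"PNG-DATA")
        secret = Path(tmp) / "secret.txt"  # stands in for a credentials file outside the root
        secret.write_text("cleartext-credential")

        results = {
            "vulnerable_reads_secret": vulnerable_lookup(root, str(secret)) == b"cleartext-credential",
            "safe_serves_image": safe_lookup(root, "logo.png") == b"PNG-DATA",
        }
        attempts = {
            "safe_absolute": str(secret),          # CWE-36: absolute path
            "safe_dotdot": "../secret.txt",        # CWE-22: relative traversal
            "safe_drive": "C:\\Windows\\win.ini",  # Windows absolute form
            "safe_backslash": "\\etc\\passwd",     # leading separator, Windows style
        }
        for label, value in attempts.items():
            try:
                safe_lookup(root, value)
                results[label] = "allowed"
            except PathRejected:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The check that matters is the last one: resolving the candidate and asserting that the root is among its parents rejects anything that ends up outside the root however it got there, whereas a deny-list of `..` or leading slashes can be bypassed by encodings or symlinks the list does not anticipate.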
