CVE-2024-48248

Severity
HIGH
Published
2025-03-04 [email protected]
CVSS 3.1 Base Score
8.6

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
Added to CISA KEV
Nov 05, 2025 - 19:11 cisa
PoC Detected (public exploit code)
Nov 05, 2025 - 19:11 vuln.today
CVE Published
Mar 04, 2025 - 08:15 nvd

Description

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).

Analysis

NAKIVO Backup & Replication contains an absolute path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server, including configuration files that hold cleartext credentials used for physical discovery operations.

Technical Context

The CWE-36 (absolute path traversal) weakness in the getImageByPath parameter of the /c/router endpoint allows reading any file on the NAKIVO server. The PhysicalDiscovery configuration stores cleartext credentials for vCenter, Hyper-V, and other infrastructure, so a single file read can cascade into compromise of the systems those credentials protect.

Affected Products

NAKIVO Backup & Replication before 11.0.0.88174

Remediation

Update NAKIVO Backup & Replication to 11.0.0.88174 or later immediately. Rotate all infrastructure credentials stored in NAKIVO (vCenter, Hyper-V, cloud accounts), since any of them may already have been read. Restrict network access to the NAKIVO management interface so that it is not reachable from untrusted networks.
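Because the vulnerable endpoint and parameter are named above, a defender can retro-hunt web-server or reverse-proxy access logs for reads of the NAKIVO interface that pass an absolute path to getImageByPath. The script below is an added illustration, not code from vuln.today or from NAKIVO; it assumes the request is logged in Apache/Nginx combined format with the parameter in the query string (how the product actually encodes the parameter is not described on this page), and the log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the CVE-2024-48248 description.
VULN_PATH = "/c/router"
VULN_PARAM = "getImageByPath"

# Constructed sample access-log lines in combined log format.
# Assumption: a reverse proxy in front of NAKIVO logs requests this way;
# the real product log format is not documented here.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Nov/2025:19:10:01 +0000] "GET /c/router?getImageByPath=%2Fetc%2Fpasswd HTTP/1.1" 200 1274 "-" "curl/8.4.0"
10.0.0.7 - - [05/Nov/2025:19:10:07 +0000] "GET /c/router?getImageByPath=C%3A%5CWindows%5Cwin.ini HTTP/1.1" 200 403 "-" "python-requests/2.31"
10.0.0.9 - - [05/Nov/2025:19:10:12 +0000] "GET /c/router?getImageByPath=images%2Flogo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Nov/2025:19:10:20 +0000] "GET /c/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# An absolute path is POSIX root-anchored, a Windows drive letter, or a UNC prefix.
ABS_RE = re.compile(r'^(/|[A-Za-z]:[\\/]|\\\\)')


def is_absolute_path(value: str) -> bool:
    """True when the parameter value would escape any intended image directory."""
    return bool(ABS_RE.match(value))


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Return one record per request to /c/router whose getImageByPath is absolute."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get(VULN_PARAM, []):
            # parse_qs decodes once; decode again so double-encoded paths
            # (%252F...) are still recognised as absolute.
            candidate = unquote(raw)
            if is_absolute_path(candidate):
                hits.append({
                    "src_ip": m.group("ip"),
                    "timestamp": m.group("ts"),
                    "path_requested": candidate,
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        # A 200 status on such a request means the file was very likely served.
        print(f"{hit['timestamp']} {hit['src_ip']} read {hit['path_requested']!r} "
              f"(HTTP {hit['status']})")
```

Only the first two sample lines are flagged: the third passes a relative path, which is the endpoint's legitimate usage pattern, and the fourth never touches /c/router. Any hit with a 200 response should be treated as a confirmed credential exposure and trigger the credential rotation described in the remediation.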

Priority Score

207 (scale: Low / Medium / High / Critical)
Components: KEV +50, EPSS +94.0, CVSS +43, PoC +20


CVE-2024-48248 vulnerability details – vuln.today
