CISA Warns of Active Exploitation of Nakivo Backup Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the active exploitation of a path traversal vulnerability in Nakivo Backup and Replication, urging organizations to apply patches immediately.
The flaw, CVE-2024-48248, carries a CVSS score of 8.6 and is classified as high severity. It allows unauthenticated attackers to read arbitrary files on affected systems, potentially exposing configuration files, credentials, and backups, which could lead to data breaches and further security compromises.
watchTowr, the firm that discovered the vulnerability, published its technical report in February 2025, showing how an unauthenticated request could retrieve any file on the Nakivo server, including the credentials the backup and disaster recovery product stores for the systems it protects. Those stored credentials are what make the flaw so serious: given how deeply Nakivo integrates with cloud services, an attacker who recovers them can pivot from the backup server to the infrastructure it backs up.
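Two checks a practitioner wants for a bug of this class, as an added example written for this article (it is not Nakivo's code and does not reproduce the CVE-2024-48248 exploit): a log-side detector for encoded traversal requests, and the base-directory containment check that a file-serving endpoint needs in order not to be vulnerable in the first place. The `/images?file=` endpoint, the `/opt/app/images` base directory and the sample log lines are all constructed for the demonstration.

```python
"""Added illustration (not Nakivo's code): detect path-traversal requests in
access logs and show the containment check that prevents arbitrary file read.
Endpoint, base directory and log lines are constructed for this example."""
import os
import re
from urllib.parse import unquote

# ".." as a whole segment: preceded by start, a separator or a query delimiter,
# followed by a separator or end of string. Applied after decoding.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/?=&;])\.\.(?:[\\/]|$)")

# Apache/Nginx combined log: client, [time], "METHOD PATH PROTO", status.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def canonicalize(raw: str, max_rounds: int = 3) -> str:
    """URL-decode until stable (attackers double-encode %2e%2e%2f) and treat
    backslashes as separators. Bounded by max_rounds so input cannot loop us."""
    s = raw
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def looks_like_traversal(raw_path: str) -> bool:
    """True when the decoded request path contains a '..' segment."""
    return TRAVERSAL_RE.search(canonicalize(raw_path)) is not None


def resolve_within(base_dir: str, requested: str):
    """Hardened lookup: resolve the request under base_dir and refuse anything
    that escapes it. commonpath is used instead of startswith so that
    /opt/app/images2/x is not accepted as 'inside' /opt/app/images."""
    base = os.path.realpath(base_dir)
    rel = canonicalize(requested).lstrip("/")
    candidate = os.path.realpath(os.path.join(base, rel))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def scan_access_log(lines):
    """Return (client, path, status) for every request whose decoded path
    contains a traversal segment. A 200 on such a request is the signal that
    the endpoint actually served the file, not merely that it was probed."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if looks_like_traversal(path):
            hits.append((client, path, status))
    return hits


# Constructed sample log lines (not from any real deployment).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2025:10:15:01 +0000] "GET /images?file=logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Mar/2025:10:15:09 +0000] "GET /images?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1810 "-" "curl/8.4.0"',
    '198.51.100.7 - - [06/Mar/2025:10:15:12 +0000] "GET /images?file=%252e%252e%2f%252e%252e%2fetc%2fshadow HTTP/1.1" 200 912 "-" "curl/8.4.0"',
    '192.0.2.11 - - [06/Mar/2025:10:16:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, path, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path} -> {status}")
    print(resolve_within("/opt/app/images", "logo.png"))
    print(resolve_within("/opt/app/images", "../../../etc/passwd"))
```

The detector decodes before matching because a single-pass `../` signature misses `%2e%2e%2f` and the double-encoded form in the third sample line; the containment check resolves the final path and compares against the base with `commonpath`, which is the property a file-serving handler must enforce rather than stripping `..` substrings from the input.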
The vulnerability was reported to Nakivo in September 2024 and confirmed in late October. However, Nakivo silently patched the issue in November, releasing Backup and Replication version 11.0.0.88174 without mentioning the vulnerability in its release notes. It was only in March 2025 that Nakivo publicly acknowledged the issue and updated its advisory.
On March 6, reports surfaced that exploitation attempts were already occurring in the wild. CISA added CVE-2024-48248 to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday, March 19, giving federal agencies until April 9 to apply the patch under Binding Operational Directive (BOD) 22-01.
CISA also issued warnings about two other actively exploited vulnerabilities:
- CVE-2025-1316, a command-injection zero-day in Edimax IP cameras that has been exploited since May 2024 and for which no vendor patch is available.
- CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver that has been exploited since August 2017.
Although BOD 22-01 applies only to federal agencies, CISA strongly advises all organizations to review the KEV list, identify affected products in their environments, and apply available patches and mitigations immediately. For Nakivo that means confirming the Director is running 11.0.0.88174 or later; because the flaw was exploitable without authentication for months before it was publicly acknowledged, an internet-exposed instance on an older build should also be checked for unexpected file reads, and the credentials it stores should be rotated.