CISA Warns of Active Exploitation in NAKIVO Backup Software Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted federal agencies about active exploitation of a severe vulnerability in NAKIVO’s Backup & Replication software. Identified as CVE-2024-48248, the flaw allows attackers to access sensitive files remotely, potentially compromising entire infrastructures.

Vulnerability Details: CVE-2024-48248 Explained

This vulnerability is classified as an absolute path traversal flaw, meaning unauthenticated attackers could remotely access and read critical files. According to NAKIVO, exploiting this flaw can expose backups, configuration details, and even credentials—significantly increasing the risk of data breaches or further cyberattacks.

Cybersecurity company watchTowr discovered this vulnerability and notified NAKIVO. NAKIVO silently patched the issue in November 2024 with the Backup & Replication v11.0.0.88174 update, almost two months after the initial disclosure.

Proof-of-Concept Raises Concerns

watchTowr also publicly released a proof-of-concept tool in February 2025, which can both detect the vulnerability and function as an unofficial customer support utility. Although NAKIVO hasn’t officially reported active exploitation, the company recommends that customers closely examine their logs for unauthorized access or suspicious file activity.
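To make the bug class concrete, the following is an added Python example (not NAKIVO's code and not watchTowr's tool) that contrasts the naive path join behind an absolute path traversal with a hardened check, and adds a small log-review heuristic of the kind the vendor's advice to examine logs calls for. The export root, the request line format and the `path` parameter name are assumptions made for the example.

```python
import os
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Hypothetical export root for this example; not NAKIVO's real directory layout.
BASE_DIR = Path("/srv/backup-data")

def resolve_naive(user_path: str) -> str:
    """Vulnerable pattern behind an 'absolute path traversal': os.path.join
    discards every earlier component as soon as a later one is absolute."""
    return os.path.join(str(BASE_DIR), user_path)

def check_export_path(user_path: str) -> tuple:
    """Hardened check: refuse NUL bytes and absolute input, normalise the
    candidate, and require it to stay inside BASE_DIR. Returns (allowed, detail)."""
    if "\x00" in user_path:
        return False, "NUL byte in path"
    if os.path.isabs(user_path):
        return False, "absolute path rejected"
    base = BASE_DIR.resolve(strict=False)
    candidate = (base / user_path).resolve(strict=False)  # collapses '..' segments
    if candidate != base and base not in candidate.parents:
        return False, "path escapes export root"
    return True, str(candidate)

# Constructed sample access-log lines (not real NAKIVO logs); the endpoint and
# the 'path' parameter name are assumptions for the example.
SAMPLE_LOG = """\
203.0.113.5 - GET /files?path=jobs/1/config.json 200
203.0.113.7 - GET /files?path=/etc/hostname 200
203.0.113.9 - GET /files?path=../../opt/service/settings.ini 200
"""

def suspicious_requests(log_text: str, param: str = "path") -> list:
    """Log-review heuristic: return the client addresses of requests whose
    file parameter is an absolute path or contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        query = urlsplit(fields[3]).query
        for value in parse_qs(query).get(param, []):
            if os.path.isabs(value) or ".." in value.split("/"):
                hits.append(fields[0])
    return hits
```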

Immediate Action Required by Federal Agencies

CISA officially listed CVE-2024-48248 in its Known Exploited Vulnerabilities catalog, confirming active exploitation in cyberattacks. Following Binding Operational Directive (BOD) 22-01, issued in November 2021, U.S. federal agencies must patch their networks against this flaw no later than April 9th, 2025.

While this directive specifically targets federal agencies, CISA strongly recommends that all organizations urgently prioritize applying this critical security update to prevent potential intrusions.

Global Impact and Risk Exposure

NAKIVO’s Backup & Replication software is widely deployed across various industries, boasting a global network of more than 8,000 partners and 30,000 active customers in 183 countries. High-profile organizations such as Honda, Coca-Cola, Cisco, and Siemens rely on NAKIVO, underscoring the vulnerability’s significant potential impact.

Prompt action is essential to safeguard networks from exploitation, highlighting the necessity of staying proactive in cybersecurity practices.

David McAfee

David McAfee is a seasoned cybersecurity expert with over a decade of experience at VPN Group. Specializing in online privacy and digital security, he has played a key role in developing advanced strategies to protect individuals and organizations from cyber threats.