The recent addition of a high-severity security flaw affecting NAKIVO Backup & Replication software to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog has raised concerns about the risks posed by this vulnerability. Identified as CVE-2024-48248, the flaw is classified as an absolute path traversal issue, allowing unauthorized individuals to access sensitive files on affected systems. This vulnerability, present in all versions preceding v10.11.3.86570, has the potential to expose critical data, such as configuration files, backups, and credentials, to malicious actors.
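To illustrate the vulnerability class named above, here is an added example (constructed for this article, not NAKIVO's code) showing how a file-serving helper turns into an absolute path traversal when a caller-supplied path is joined onto a base directory, next to a hardened version; the base directory `/var/app/exports` is a placeholder.

```python
import os
from pathlib import Path

# Placeholder base directory that a file-serving handler is meant to stay inside.
BASE_DIR = Path("/var/app/exports")


def resolve_vulnerable(base: Path, user_path: str) -> Path:
    """The flawed pattern: os.path.join drops every component that precedes an
    absolute one, so an absolute user_path silently replaces the base directory."""
    return Path(os.path.join(str(base), user_path))


def resolve_hardened(base: Path, user_path: str) -> Path:
    """Reject absolute input, then normalise '..' and symlinks and confirm the
    result still lies under the base directory. Raises ValueError otherwise."""
    if os.path.isabs(user_path) or user_path.startswith(("\\", "//")):
        raise ValueError("absolute paths are not allowed")
    if len(user_path) > 1 and user_path[1] == ":":   # Windows drive prefix, e.g. C:
        raise ValueError("drive-qualified paths are not allowed")
    base_resolved = base.resolve()                     # non-strict: path need not exist
    candidate = (base_resolved / user_path).resolve()
    if candidate != base_resolved and base_resolved not in candidate.parents:
        raise ValueError("path escapes the base directory")
    return candidate


def is_rejected(user_path: str) -> bool:
    """Convenience wrapper: True when the hardened resolver refuses user_path."""
    try:
        resolve_hardened(BASE_DIR, user_path)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs: a legitimate relative path and two traversal attempts.
    for p in ("reports/2025-03.txt", "/etc/passwd", "../../etc/passwd"):
        print(f"{p!r:28} vulnerable -> {resolve_vulnerable(BASE_DIR, p)}"
              f"  hardened rejects: {is_rejected(p)}")
```

The vulnerable resolver returns `/etc/passwd` unchanged for an absolute input, which is exactly the behaviour a server-side file read must never exhibit.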
CISA has taken swift action in response to this security concern, issuing a directive for all U.S. federal agencies to patch their systems by April 9, 2025, in accordance with Binding Operational Directive (BOD) 22-01. Failure to address this vulnerability could result in further compromises within an organization’s infrastructure if it is exploited by cybercriminals. The discovery of this flaw was credited to the cybersecurity firm watchTowr Labs, which demonstrated its exploitable nature through a proof-of-concept exploit in February 2024, emphasizing the ease with which attackers could access sensitive files on vulnerable systems.
Despite NAKIVO silently patching the vulnerability in November 2024, the issue remained undisclosed in the company’s release notes until March 6, 2025, leaving users unaware of the risks they faced. The active exploitation of this flaw since at least February, as indicated by its inclusion in CISA's KEV catalog, underscores the urgent need for organizations to address this security concern promptly. While NAKIVO has not confirmed instances of the vulnerability being exploited in the wild, users are advised to remain vigilant, monitoring system logs for any signs of unauthorized access attempts or unexpected file access activity.
In addition to the vulnerability affecting NAKIVO Backup & Replication software, CISA’s catalog also lists two other critical vulnerabilities impacting Edimax IP cameras and SAP NetWeaver Application Server. These vulnerabilities, like CVE-2024-48248, are actively exploited by threat actors and require immediate attention to mitigate potential risks. It is essential for all organizations, not just federal agencies, to apply patches promptly to safeguard their systems against these vulnerabilities.
The proactive measures taken by CISA and cybersecurity researchers highlight the ongoing threats posed by exploitable vulnerabilities and the critical importance of maintaining robust cybersecurity protocols. As cyber threats continue to evolve, organizations must remain vigilant and prioritize the security of their systems to prevent potential breaches and safeguard sensitive data from malicious actors.
