CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list.
March 20, 2025 By Ionut Arghire
The US cybersecurity agency CISA on Wednesday warned that a recent absolute path traversal vulnerability in Nakivo Backup and Replication has been exploited in the wild.
The issue, tracked as CVE-2024-48248 (CVSS score of 8.6), is a high-severity bug that could allow attackers to execute arbitrary code remotely within enterprise environments, a NIST advisory reads.
“This vulnerability allows attackers to read arbitrary files on the affected system without authentication. Exploiting this vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises,” Nakivo notes in its advisory.
