NAKIVO Vulnerability Risk Alert

Federal cybersecurity officials are sounding the alarm. CISA has added CVE-2024-48248, a dangerous path traversal vulnerability affecting NAKIVO Backup & Replication, to its Known Exploited Vulnerabilities catalog. This isn’t just another security flaw. It’s actively being exploited in the wild, and the consequences could be devastating.

Wake-up call: NAKIVO’s backup software is compromised, actively exploited, and could destroy your recovery options.

The vulnerability, sporting a hefty CVSS score of 8.6, allows unauthenticated attackers to read arbitrary files through specially crafted HTTP POST requests. In plain English? Hackers can access your sensitive data without even needing a password. Great.

Federal agencies have until April 9, 2025, to patch the issue, as mandated by Binding Operational Directive 22-01. But let’s be real—everyone using this software should update immediately. Ransomware groups are probably salivating at the thought of compromising backup systems.

NAKIVO’s handling of this situation raised some eyebrows. They silently patched the vulnerability back in November 2024, without initially publishing an advisory or even mentioning it in their release notes. Transparency? Never heard of it.

The impact goes beyond just exposing configuration files. Attackers could gain access to credentials, backup repositories, and connected systems. The flaw lies in the STPreLoadManagement action exposed at the /c/router endpoint, and it was first discovered by watchTowr Labs in September 2024. Your disaster recovery capabilities—you know, the thing you’re counting on when everything goes wrong—could be completely compromised.

This vulnerability highlights a troubling trend: backup solutions are increasingly becoming targets. These systems hold the keys to the kingdom. When they’re compromised, your last line of defense against attacks like ransomware fundamentally vanishes. Effective vulnerability management requires constant assessment and rapid response to minimize exposure windows.

Users need to update to NAKIVO Backup & Replication version 11.0.0.88174 or later. Additionally, implementing network segmentation and restricting access to backup systems wouldn’t hurt. Organizations should also review their logs for any signs of unauthorized access.
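Two checks a defender could script from the details above, as an added example that is not from the original post or from NAKIVO: a version comparison against the fixed build, and a scan of access-log lines for POST requests to /c/router that invoke STPreLoadManagement together with a path traversal sequence. The log line format, the sample lines, and the `arg=` parameter name are assumptions constructed for this example, not NAKIVO's own log format or request format.

```python
import re
from typing import Dict, List

# Fixed release named in the advisory text above.
FIXED_VERSION = "11.0.0.88174"


def version_tuple(v: str) -> tuple:
    """Turn a dotted build string like '11.0.0.88174' into a comparable int tuple."""
    return tuple(int(p) for p in v.strip().split("."))


def is_patched(installed: str) -> bool:
    """True when the installed build is at or above the fixed release."""
    return version_tuple(installed) >= version_tuple(FIXED_VERSION)


# Constructed sample of reverse-proxy access log lines in front of the backup
# server. Format (src method path status body-excerpt) and the 'arg' parameter
# name are assumptions for this example; they are not NAKIVO's real formats.
SAMPLE_LOG = """\
10.0.0.5 POST /c/router 200 body="action=STPreLoadManagement&arg=../../../../etc/hosts"
10.0.0.7 POST /c/router 200 body="action=STPreLoadManagement&arg=..%2f..%2fconf/example.properties"
10.0.0.9 GET /c/login 200 body=""
10.0.0.5 POST /c/router 200 body="action=SomeOtherAction&id=42"
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) body="(?P<body>.*)"$'
)
# Plain and URL-encoded dot-dot-slash / dot-dot-backslash variants.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e|\.\.%2f|\.\.%5c)", re.IGNORECASE)


def find_suspicious_requests(log_text: str) -> List[Dict[str, str]]:
    """Flag POSTs to /c/router whose body names STPreLoadManagement and carries traversal."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the sweep
        if m["method"] != "POST" or not m["path"].startswith("/c/router"):
            continue
        if "STPreLoadManagement" not in m["body"]:
            continue
        if TRAVERSAL_RE.search(m["body"]):
            hits.append({"src": m["src"], "body": m["body"]})
    return hits
```

Feed the scanner your own proxy or web-server logs after adapting `LINE_RE` to their actual layout; any hit on an unpatched build warrants credential rotation for the backup server and the systems it connects to.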

The discovery of this flaw underscores an uncomfortable truth: even your backups need protection. It’s almost like we need a backup for our backups. And at this rate, probably a backup for that backup too.