Introduction
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a high-severity security vulnerability affecting NAKIVO Backup & Replication software in its Known Exploited Vulnerabilities (KEV) catalog. This decision follows confirmed evidence of active exploitation, highlighting the urgency for immediate remediation.
Details of the Vulnerability
The identified vulnerability, designated as CVE-2024-48248, carries a CVSS score of 8.6 and is classified as an absolute path traversal flaw. This security weakness enables unauthenticated attackers to access and read arbitrary files on a compromised system, including sensitive information such as the "/etc/shadow" file, by exploiting the endpoint "/c/router." All software versions preceding 10.11.3.86570 are affected by this flaw.
According to CISA, the vulnerability allows attackers to read critical system files, thereby posing a substantial security risk. If exploited, malicious actors can access configuration files, stored backups, and credentials, which could facilitate further cyber intrusions and system compromises.
Exploitation and Remediation
Although details on real-world exploitation remain scarce, the flaw has been actively targeted, especially following the release of a proof-of-concept (PoC) exploit by watchTowr Labs towards the end of last month. The issue was fixed in version v11.0.0.88174, released in November 2024.
Security researchers have warned that the unauthenticated arbitrary file read vulnerability could be leveraged to extract all stored credentials from the NAKIVO system, particularly those contained within the "product01.h2.db" database.
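Two defender-side checks derived from the details above, written as an added example rather than code from the advisory, CISA, or NAKIVO: a numeric comparison of an installed build against the version numbers the article names, and a triage pass over web-access-log lines for requests to /c/router whose decoded target carries a traversal indicator. The log lines and the `p=` query parameter are constructed placeholders; the article does not describe the actual request format.

```python
import re
from urllib.parse import unquote

# Build numbers named in the advisory text.
LAST_AFFECTED = "10.11.3.86570"   # everything preceding this is affected
FIXED_IN = "11.0.0.88174"         # release the advisory says to upgrade to

def parse_version(v):
    """'v11.0.0.88174' -> (11, 0, 0, 88174). Numeric tuples compare correctly;
    plain string comparison would rank '10.x' below '9.x'."""
    return tuple(int(part) for part in v.strip().lstrip("vV").split("."))

def is_affected(version):
    """True for builds preceding 10.11.3.86570, the range stated in the article."""
    return parse_version(version) < parse_version(LAST_AFFECTED)

def needs_upgrade(version):
    """True for anything older than the fixed release v11.0.0.88174."""
    return parse_version(version) < parse_version(FIXED_IN)

# Constructed access-log lines (not captured traffic). The 'p=' query parameter
# is a hypothetical placeholder; the real request format is not on the page.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Mar/2025:10:01:02 +0000] "GET /c/router HTTP/1.1" 200 512
10.0.0.9 - - [20/Mar/2025:10:01:07 +0000] "GET /c/router?p=%2Fetc%2Fshadow HTTP/1.1" 200 1834
10.0.0.9 - - [20/Mar/2025:10:01:09 +0000] "GET /c/router?p=..%252F..%252Fproduct01.h2.db HTTP/1.1" 200 90211
10.0.0.7 - - [20/Mar/2025:10:02:00 +0000] "GET /login HTTP/1.1" 200 301
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Indicators the article ties to this flaw: absolute system paths, dot-dot segments, the credential DB file.
SUSPICIOUS = re.compile(r"\.\./|/etc/|/root/|product01\.h2\.db", re.IGNORECASE)

def triage_access_log(log_text):
    """Return /c/router requests whose decoded target carries a traversal indicator."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or not m["target"].startswith("/c/router"):
            continue
        decoded = unquote(unquote(m["target"]))  # unwrap double URL-encoding too
        if SUSPICIOUS.search(decoded):
            hits.append({"client": line.split()[0], "target": decoded,
                         "status": m["status"]})
    return hits

if __name__ == "__main__":
    print([b for b in ("10.11.2.70000", FIXED_IN) if needs_upgrade(b)])
    print(triage_access_log(SAMPLE_LOG))
```

A 200 status on a flagged line means the read likely succeeded, so those hosts are the ones to treat as compromised and rotate credentials for.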
Additional Security Flaws Added to the KEV Catalog
In addition to CVE-2024-48248, CISA has also listed two other critical vulnerabilities:
CVE-2025-1316 (CVSS score: 9.3): A severe OS command injection vulnerability found in the Edimax IC-7100 IP camera. Due to improper input sanitization, this flaw allows remote attackers to execute arbitrary code using specially crafted requests. Notably, this issue remains unpatched as the affected device has reached its end-of-life status.
CVE-2017-12637 (CVSS score: 7.5): A directory traversal vulnerability affecting the SAP NetWeaver Application Server (AS) Java. This flaw exists within the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS component and permits remote attackers to access arbitrary files through manipulated query strings.
Ongoing Exploitation and Required Mitigations
Recent research by Akamai has revealed that cybercriminals have been actively exploiting CVE-2025-1316 to compromise Edimax IC-7100 IP cameras with default credentials. These compromised devices have been used to deploy at least two distinct Mirai botnet variants since May 2024, emphasizing the critical nature of timely mitigation.
In response to the growing threat, Federal Civilian Executive Branch (FCEB) agencies must implement necessary security measures by April 9, 2025, to safeguard their networks against potential exploits.
Conclusion
The inclusion of CVE-2024-48248 and other vulnerabilities in CISA’s KEV catalog underscores the ongoing cybersecurity threats facing organizations worldwide. As cybercriminals continue to exploit known vulnerabilities, it is crucial for affected entities to apply security patches and implement robust mitigation strategies promptly. Organizations using NAKIVO Backup & Replication software should upgrade to version v11.0.0.88174 immediately to prevent potential data breaches and system compromises.