The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an urgent warning about a critical flaw in Nakivo Backup and Replication. Cybercriminals are now exploiting this vulnerability, putting enterprise data at serious risk.
The vulnerability, tracked as CVE-2024-48248, carries a CVSS score of 8.6. If left unpatched, it could allow attackers to execute code remotely and compromise sensitive data held in backup environments. This warning comes on the heels of the supply chain attack on GitHub users.
Data at Risk: Attackers Accessing Nakivo Systems Unchecked
Nakivo revealed that attackers can read any file on affected systems without needing to log in. This flaw could expose configuration files, backups, and credentials—potentially leading to massive data breaches.
In February, cybersecurity firm watchTowr published a detailed technical report. Their team demonstrated how the flaw allowed them to extract credentials and access server files at will.
Because Nakivo integrates widely across cloud services, virtual machines, and storage, attackers could leverage the flaw to gain control over entire IT infrastructures.
Patch Delay Adds to the Danger
watchTowr first reported the flaw in September 2024. Nakivo confirmed the issue by late October but quietly released a fix in November’s version 11.0.0.88174—without mentioning the vulnerability.
Nakivo updated its release notes in March after watchTowr confirmed attackers were already exploiting the bug. By that time, the flaw had been officially tracked as CVE-2024-48248.
Another cybersecurity group, Plugin Vulnerabilities, confirmed the attacks were active in the wild by March 6. Despite the critical nature of the bug, MITRE’s CVE entry remained incomplete.
CISA Adds Nakivo Flaw to Known Exploited List
On Wednesday, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies now face a hard deadline of April 9 to patch their systems, as outlined in Binding Operational Directive (BOD) 22-01.
CISA’s warning also extended to two other threats:
- CVE-2025-1316: A zero-day flaw in Edimax cameras exploited since May 2024.
- CVE-2017-12637: A directory traversal flaw in SAP NetWeaver, under attack since 2017.
Though BOD 22-01 applies to federal networks, CISA urges all organizations to review their systems for exposure. Companies running vulnerable Nakivo versions should patch immediately to avoid a breach.
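To act on that advice across a fleet rather than one console at a time, here is an added example (not code from the article, Nakivo or CISA) that flags hosts running a build older than 11.0.0.88174, the fixed version named above. The inventory, hostnames and version strings other than the fixed build are constructed, and the script assumes that any lower build number is unpatched.

```python
from dataclasses import dataclass

# Fixed build named in the article. Assumption: every build with a lower
# version number is treated as unpatched.
FIXED_VERSION = "11.0.0.88174"


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'major.minor.patch.build' into a tuple of ints so that comparison
    is numeric (plain string comparison would rank '9.x' above '11.x')."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed build predates the fixed build.
    A truncated version such as '11.0' compares as lower than the full
    fixed version, so it is conservatively reported as vulnerable."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass
class Host:
    name: str
    version: str


def triage(inventory: list[Host]) -> dict[str, list[str]]:
    """Bucket hosts into 'patched', 'vulnerable' and 'unknown' (unparseable)."""
    result: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(host.version) else "patched"
        except ValueError:
            bucket = "unknown"  # needs a manual look, not silently ignored
        result[bucket].append(host.name)
    return result


# Constructed sample inventory: hostnames and all versions except the fixed
# build are made up for the example.
SAMPLE_INVENTORY = [
    Host("bkp-01", "11.0.0.88174"),
    Host("bkp-02", "10.11.2.80150"),
    Host("bkp-03", "11.0.1.89001"),
    Host("bkp-04", "9.4.0.40000"),
    Host("bkp-05", "n/a"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

In practice the inventory would be fed from your asset database or from the version reported by each Nakivo director; the "unknown" bucket exists so that a missing or malformed version never drops a host off the patch list.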
Protect Your Systems Before It’s Too Late
As cyberattacks grow more sophisticated, vulnerabilities like this can escalate quickly. Patch management remains the best defense. Organizations must act now to prevent attackers from exploiting this dangerous flaw. You can also consider checking out the updates from Google on a vulnerability scanner.