The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a severe security vulnerability affecting NAKIVO Backup & Replication software. This addition arises from confirmed instances of active exploitation, prompting urgency for remedial action across affected enterprises.

The vulnerability, tracked as CVE-2024-48248, carries a CVSS score of 8.6, reflecting its high severity. It is classified as an absolute path traversal flaw that allows unauthenticated attackers to read sensitive files on the server, including critical configuration files, through the endpoint “/c/router”. All software versions prior to 10.11.3.86570 are affected.

CISA’s advisory emphasizes that this path traversal vulnerability permits unauthorized access to arbitrary files, potentially compromising sensitive data, configurations, and credentials, which can facilitate further attacks.

Current intelligence lacks comprehensive details on how this vulnerability is being exploited in practice. However, the issue has gained attention following a proof-of-concept exploit published by watchTowr Labs, which raises the level of concern for businesses relying on this software. The vulnerability was addressed in November 2024 in version v11.0.0.88174, underlining the need for urgent updates.

The implications of CVE-2024-48248 are significant, as successful exploitation can enable attackers to extract stored credentials from the NAKIVO database. This access can serve as a gateway for broader system compromises, enhancing the potential impact of the breach.
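As an added example (not code from the article, CISA or NAKIVO), the following triage helper turns the version thresholds quoted above into a check that a defender can run over an asset inventory, and counts requests to the “/c/router” endpoint in web access logs as a starting point for hunting. The inventory rows, log lines and log format are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Version thresholds as stated in the advisory summary above.
AFFECTED_BELOW = (10, 11, 3, 86570)   # every release prior to this is affected
PATCHED_RELEASE = (11, 0, 0, 88174)   # release in which the flaw was fixed

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v10.11.2.12345' into (10, 11, 2, 12345); missing components count as 0."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

def is_affected(version: str) -> bool:
    """True when the build predates the first unaffected release."""
    return parse_version(version) < AFFECTED_BELOW

def triage_inventory(rows: List[str]) -> List[str]:
    """rows are 'hostname,version'; returns hosts that still need the update."""
    return [host for host, _, ver in (r.partition(",") for r in rows) if is_affected(ver)]

# Constructed inventory: two hosts on affected builds, one already patched.
SAMPLE_INVENTORY = [
    "bkp-01,10.11.2.90000",
    "bkp-02,v11.0.0.88174",
    "bkp-03,10.11.3",        # build number missing, treated as older than 10.11.3.86570
]

# Hunting aid: requests to the vulnerable endpoint, counted per client address.
# Legitimate console traffic also uses /c/router, so the value is in spotting
# unexpected sources (e.g. addresses outside the backup admin network).
ROUTER_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) /c/router(?:[/?\s])')

def router_hits(log_lines: List[str]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for line in log_lines:
        m = ROUTER_RE.match(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

# Constructed access-log lines in common log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Mar/2025:10:01:02 +0000] "POST /c/router HTTP/1.1" 200 512',
    '10.0.0.5 - - [20/Mar/2025:10:01:05 +0000] "POST /c/router HTTP/1.1" 200 1024',
    '203.0.113.7 - - [20/Mar/2025:10:01:09 +0000] "POST /c/router HTTP/1.1" 200 2048',
    '10.0.0.5 - - [20/Mar/2025:10:02:00 +0000] "GET /c/login HTTP/1.1" 200 300',
]
```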

CISA has also added two other vulnerabilities to the KEV catalog. One is CVE-2025-1316, a critical command injection vulnerability in Edimax IC-7100 IP cameras, which remains unpatched because the device has reached end of life. The other is CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver that allows attackers to read arbitrary files, again posing a risk of credential exposure.

As the landscape of cyber threats evolves, companies must remain vigilant. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by April 9, 2025, to secure their networks against threats like these.

Adding to the urgency, Akamai recently reported that CVE-2025-1316 is actively being exploited, targeting devices with default credentials and deploying variants of the Mirai botnet since May 2024. In light of this, organizations should prioritize their cybersecurity defenses and consider implementing controls aligned with MITRE ATT&CK tactics such as initial access, privilege escalation, and data exfiltration to thwart potential attacks.

As a reminder, the ongoing threat landscape reveals a propensity for exploitation of well-known vulnerabilities. SAP security firm Onapsis reported evidence of active exploitation of CVE-2017-12637, with threat actors extracting sensitive configuration files, which could lead to severe system compromises. Given these developments, organizations must prioritize robustness in their cybersecurity postures, ensuring that they are equipped to navigate these threats effectively.
