PatchSiren cyber security CVE debrief
CVE-2024-48248 NAKIVO CVE debrief
CVE-2024-48248 is a NAKIVO Backup and Replication absolute path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-03-19. Because it is KEV-listed, organizations should treat remediation as urgent and follow vendor mitigation guidance or CISA-referenced requirements as soon as possible.
- Vendor: NAKIVO
- Product: Backup and Replication
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-03-19
- Original CVE updated: 2025-03-19
- Advisory published: 2025-03-19
- Advisory updated: 2025-03-19
Who should care
Organizations that run NAKIVO Backup and Replication, especially backup administrators, infrastructure teams, and security operations staff responsible for exposed or business-critical instances.
Technical summary
The supplied corpus identifies CVE-2024-48248 as an absolute path traversal vulnerability in NAKIVO Backup and Replication. The available official source material does not provide a CVSS score, exploit details, or vendor advisory text, but CISA’s KEV listing indicates the issue is known to have been exploited and should be prioritized for remediation.
Defensive priority
Urgent
Recommended defensive actions
- Inventory all NAKIVO Backup and Replication deployments, including any externally reachable or cloud-hosted instances.
- Review the vendor release notes and apply the vendor’s mitigations or updates referenced by CISA as soon as they are available.
- If mitigations are unavailable, follow CISA guidance for the affected deployment model and consider discontinuing use until a safe remediation path exists.
- Complete remediation before the CISA KEV due date of 2025-04-09 and verify that affected systems remain patched or otherwise protected.
Evidence notes
This debrief is based only on the supplied KEV source item and the official links included in the corpus. The corpus shows CISA added CVE-2024-48248 to the KEV catalog on 2025-03-19 with a due date of 2025-04-09, but it does not include vendor release-note text or a CVSS score.
Official resources
- CVE-2024-48248 CVE record (CVE.org)
- CVE-2024-48248 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL (cisa_kev)
CISA added CVE-2024-48248 to the Known Exploited Vulnerabilities catalog on 2025-03-19. The supplied corpus does not include a CVSS score or vendor advisory text.