Search

Security ID : QSA-25-08

Vulnerability in NAKIVO Backup & Replication

  • Release date : March 22, 2025

  • CVE identifier : CVE-2024-48248

  • Affected products: NAKIVO Backup & Replication 10.11.3.86570 and earlier

Severity

Important

Status

Fixing

Summary

A vulnerability has been discovered in NAKIVO Backup & Replication 10.11.3.86570 and earlier. This vulnerability allows attackers to read arbitrary files on the affected system without authentication. If exploited, the vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises.

  

We have already removed the affected versions from App Center and requested NAKIVO to provide a fixed version as soon as possible. 

  

We will update this advisory when the fixed version is available.

Recommendation

We recommend users to install the latest update in App Center as soon as it becomes available.

  

To benefit from vulnerability fixes, we recommend regularly updating your system and all applications to the latest version. You can check QNAP App Center to see the latest application updates available for your operating system and NAS model.

Reference

Nakivo Security Advisory: CVE-2024-48248

  

Revision History: V1.0 (March 22, 2025) - Published

Scegliere le caratteristiche

      Mostra di più Meno

      Questo sito in altre nazioni/regioni

      open menu
      back to top