NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read

NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlyi...

EUVD-2020-7831

Malware in sbrugna...

EUVD-2020-7832

Malware in sbrugna...

EUVD-2025-10303

Malicious code in bioql PyPI...

CVE-2025-32406

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response...

CVE-2025-32406

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response...

CVE-2025-32406

CAUTION: CVE-2025-32406 affects NAKIVO Backup & Replication, specifically the Director NBR component. Affects versions 10.3.x through 11.0.1 prior to 11.0.2. Root cause is an XML External Entity (XXE) vulnerability that may allow remote attackers to fetch and parse XML responses. Impact is descri...

CVE-2025-32406

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response...

CVE-2025-32406

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response...

PT-2025-15441 · Nakivo · Nakivo Backup & Replication

Name of the Vulnerable Software and Affected Versions: NAKIVO Backup & Replication versions 10.3.x through 11.0.1 Description: The issue is related to an XXE problem in the Director NBR component, allowing remote attackers to fetch and parse the XML response. Recommendations: For versions 10.3.x...

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 CVSS...

NAKIVO Backup and Replication Absolute Path Traversal Vulnerability

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...

VulnCheck KEV: CVE-2024-48248

NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

The vulnerability of the web interface of NAKIVO Backup and Replication systems for virtual machines allows a perpetrator to disclose protected information.

The vulnerability of the web interface of NAKIVO Backup and Replication systems for virtual machines involves access control deficiencies. Exploiting this vulnerability allows an attacker to disclose protected information by sending specially crafted HTTP requests...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials. Recent assessments: Assessed Attacker Value: 0 Assesse...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...

Nakivo Backup & Replication 安全漏洞

Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo, U.S.A. NAKIVO Backup & Replication provides reliable, fast and affordable virtual machine data protection for VMware environments. Specifically designed for virtualization, the product...

CVE-2024-48248

NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials...