
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over a newly exploited security flaw in NAKIVO Backup & Replication software, adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2024-48248 with a CVSS score of 8.6, poses a severe risk to affected systems and demands immediate mitigation.
The NAKIVO Vulnerability
The flaw is an absolute path traversal vulnerability that lets an unauthenticated attacker read arbitrary files from the target system. By sending crafted requests to the “/c/router” endpoint, an attacker can retrieve sensitive files such as “/etc/shadow”, which holds the system's password hashes.
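To make the bug class concrete, here is an added example (not NAKIVO's code and not a reproduction of the real endpoint) showing why an "absolute path traversal" bug is so easy to introduce and how to close it. The file-serving resolver, the IMAGE_ROOT directory and the function names are hypothetical; the sample secret file is constructed inside a temporary directory. The key point is that os.path.join discards every earlier component as soon as a later one is absolute, so a caller who supplies "/etc/shadow" simply replaces the intended base directory. The hardened version canonicalises both paths and rejects any candidate that does not sit under the root, which also catches "../" climbs and symlink escapes.

```python
"""Added example: naive vs. hardened path resolution for a file-serving handler.

Hypothetical stand-in for a handler that maps a user-supplied path to a file on
disk. Nothing here reproduces NAKIVO's real code or endpoint.
"""
import os
import tempfile

# Hypothetical directory the handler is supposed to be confined to.
IMAGE_ROOT = "/opt/app/images"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """Naive join: os.path.join drops `root` entirely when `user_path` is
    absolute, so "/etc/shadow" resolves to "/etc/shadow". A "../" chain that
    climbs above root is also accepted."""
    return os.path.normpath(os.path.join(root, user_path))


def resolve_hardened(root: str, user_path: str) -> str:
    """Canonicalise root and candidate (symlinks and ".." resolved), then
    require that the candidate lies strictly inside root. Absolute inputs,
    ".." climbs and symlinks pointing outside root are all rejected."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"path escapes {root_real}: {user_path!r}")
    return candidate


def is_allowed(root: str, user_path: str) -> bool:
    """True if the hardened resolver accepts user_path under root."""
    try:
        resolve_hardened(root, user_path)
        return True
    except PermissionError:
        return False


def symlink_escape_is_blocked() -> bool:
    """Build a throwaway root containing a symlink that points outside it and
    confirm the hardened resolver refuses to follow it (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "images")
        outside = os.path.join(tmp, "secrets")
        os.makedirs(root)
        os.makedirs(outside)
        with open(os.path.join(outside, "creds.txt"), "w") as fh:
            fh.write("constructed sample secret\n")
        os.symlink(outside, os.path.join(root, "link"))
        # The naive resolver happily returns a path inside the symlinked dir.
        naive = resolve_vulnerable(root, "link/creds.txt")
        assert naive.startswith(root)
        return not is_allowed(root, "link/creds.txt")


if __name__ == "__main__":
    for probe in ["logo.png", "/etc/shadow", "../../../etc/shadow"]:
        print(f"{probe!r:28} naive -> {resolve_vulnerable(IMAGE_ROOT, probe)}"
              f"  hardened allowed={is_allowed(IMAGE_ROOT, probe)}")
    print("symlink escape blocked:", symlink_escape_is_blocked())
```

The check compares canonical paths rather than string prefixes, so a sibling directory such as "/opt/app/images-old" is also rejected; a bare startswith() test would let it through.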
Who Is Affected?
All versions of NAKIVO Backup & Replication before 10.11.3.86570 are reported as vulnerable. Organizations running older builds should upgrade without delay to v11.0.0.88174, released in November 2024, which fixes the issue.
Exploitation in the Wild
While specific attack details remain undisclosed, the cybersecurity firm watchTowr Labs previously released a proof-of-concept (PoC) exploit for this vulnerability, increasing the likelihood of widespread attacks. Successful exploitation could give attackers access to:
Configuration files
Backup archives
Stored credentials
One major concern is that an attacker can use the file read to extract the credentials stored in the product's product01.h2.db database file, which could then be reused to move further into the affected network.
Additional Vulnerabilities Added to CISA’s KEV List
CISA has also flagged two other critical vulnerabilities that are actively exploited:
CVE-2025-1316 (CVSS Score: 9.3) – A command injection flaw in the Edimax IC-7100 IP camera, stemming from improper input validation. This allows remote attackers to execute arbitrary commands via specially crafted requests. The flaw remains unpatched as the device has reached end-of-life (EOL) status.
CVE-2017-12637 (CVSS Score: 7.5) – A directory traversal vulnerability in SAP NetWeaver Application Server (AS) Java, enabling remote attackers to read arbitrary files by manipulating query strings.

Mirai Botnet Exploiting IP Camera Vulnerability
Akamai recently reported that attackers are exploiting CVE-2025-1316 against Edimax IC-7100 cameras after logging in with the devices' default credentials. The vulnerability has been used to deploy at least two Mirai botnet variants since as early as May 2024, potentially amplifying the scale of distributed denial-of-service (DDoS) attacks.
Mandatory Security Actions
In response to these active threats, Federal Civilian Executive Branch (FCEB) agencies must implement required security patches and mitigations by April 9, 2025, to comply with CISA’s directive. Private enterprises and organizations using affected systems are also strongly advised to:
Update NAKIVO Backup & Replication to v11.0.0.88174 or later.
Discontinue the use of end-of-life (EOL) Edimax IC-7100 cameras or apply network-level access restrictions.
Apply patches for SAP NetWeaver AS Java to mitigate CVE-2017-12637.
Monitor network traffic for suspicious activity linked to Mirai botnets.
Enforce strong authentication policies and remove default credentials from internet-facing devices.
Conclusion
With cybercriminals actively exploiting these vulnerabilities, delaying security updates could leave organizations exposed to significant data breaches, ransomware attacks, or unauthorized access to critical systems. Immediate action is required to prevent exploitation and strengthen network security.
Stay vigilant and prioritize patch management to defend against these escalating cyber threats. For further guidance, consult CISA’s KEV catalog and follow recommended security best practices.