Nakivo Backup Replication Director vulnerabilities
3 known vulnerabilities affecting nakivo/backup_replication_director.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2024-48248 | P1 | HIGH | CVSS 8.6 | CWE-36 | KEV | PoC | fixed in 11.0.0.88174 | 2025-03-04
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
nvd
CVE-2025-32406 | P3 | HIGH | CVSS 8.6 | CWE-611 | ≥ 10.3, < 11.0.2 | 2025-04-08
An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response.
nvd
CVE-2020-15850 | P3 | HIGH | CVSS 7.8 | CWE-276 | v9.4.0.r43656 | 2020-09-24
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.
nvd