安全ID : QSA-25-08
Vulnerability in NAKIVO Backup & Replication
发布日期 : March 22, 2025
通用漏洞披露 : CVE-2024-48248
受影响产品: NAKIVO Backup & Replication 10.11.3.86570 and earlier
严重程度
Important
状态
修复
Summary
A vulnerability has been discovered in NAKIVO Backup & Replication 10.11.3.86570 and earlier. This vulnerability allows attackers to read arbitrary files on the affected system without authentication. If exploited, the vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises.
We have already removed the affected versions from App Center and requested NAKIVO to provide a fixed version as soon as possible.
We will update this advisory when the fixed version is available.
Recommendation
We recommend users to install the latest update in App Center as soon as it becomes available.
To benefit from vulnerability fixes, we recommend regularly updating your system and all applications to the latest version. You can check QNAP App Center to see the latest application updates available for your operating system and NAS model.
Reference
Nakivo Security Advisory: CVE-2024-48248
修订历史: V1.0 (March 22, 2025) - Published
