QNAP Security Advisory on Vulnerability in Nakivo Backup & Replication App
QNAP have already removed affected versions from App Center and requested Nakivo to provide fixed version as soon as possible.
This is a Press Release edited by StorageNewsletter.com on March 25, 2025 at 2:00 pmQnap Systems, Inc. had published a security advisory concerning Nakivo Backup & Replication App for NAS.
Release date: March 22, 2025
CVE identifier: CVE-2024-48248
Affected products: NAKIVO Backup & Replication 10.11.3.86570 and earlier
Severity: Important
Status: Fixing
Summary
A vulnerability has been discovered in NAKIVO Backup & Replication 10.11.3.86570 and earlier. This vulnerability allows attackers to read arbitrary files on the affected system without authentication. If exploited, the vulnerability could expose sensitive data, including configuration files, backups, and credentials, potentially leading to data breaches or further security compromises.
QNAP have already removed the affected versions from App Center and requested Nakivo to provide a fixed version as soon as possible.
The company will update this advisory when the fixed version is available.
Recommendation
QNAP recommend users to install the latest update in App Center as soon as it becomes available.
To benefit from vulnerability fixes, the company recommend regularly updating your system and all applications to the latest version. User can check QNAP App Center to see the latest application updates available for OSs and NAS model.
Reference : Nakivo Security Advisory: CVE-2024-48248
Revision History: V1.0 (March 22, 2025) – Published
Subscribe to our free daily newsletter
