NAKIVO Backup & Replication is a widely used data protection solution designed to back up and restore virtualized and physical environments. A critical vulnerability has been discovered in certain versions of the software that allows an unauthenticated attacker to read arbitrary files on the underlying system. This vulnerability is being actively exploited in real-world environments.
| Product | NAKIVO Backup & Replication |
| Date | 2025-03-27 10:35:43 |
| Information |
|
Technical Summary
The vulnerability is caused by improper input validation in the STPreLoadManagement function, which processes user-supplied data in JSON requests. Attackers can craft malicious HTTP POST requests containing specific payloads that leverage the getImageByPath method to read sensitive system files.
By sending a specially crafted request, an unauthenticated attacker can retrieve the contents of files such as /etc/passwd on Linux-based systems or C:/windows/win.ini on Windows systems. The response to these requests confirms successful exploitation when the contents of the expected file appear in the returned data.
This vulnerability poses a significant security risk, as it allows attackers to access confidential system information, credentials, and other sensitive data, with the potential to cause privilege escalation or further system compromise.
Recommendations
To mitigate this vulnerability, administrators should take the following measures:
Update: Update NAKIVO Backup & Replication to the latest patched version provided by the vendor.
Restrict Access: Limit network exposure by restricting access to the web interface and API endpoints.
Apply Web Application Firewall (WAF) Rules: Implement WAF rules to detect and block malicious payloads attempting to exploit this vulnerability.
Monitor for Exploitation Attempts: Regularly review logs for unusual API requests or unauthorized access attempts.
[Callforaction-THREAT-Footer]
