Aggregates CVE and security vulnerability intelligence across all NAKIVO-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to XXE and path handling; exposure may include file overwrite in production workloads and software deployment contexts.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-32406 | An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response. | [email protected] | 8.6 | 0.49% | 2025-04-08 | 2026-06-17 |
| CVE-2024-48248 (KEV) | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials). | [email protected] | 8.6 | 94.01% | 2025-03-04 | 2026-06-17 |
| CVE-2020-15851 | Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories. | [email protected] | 9.8 | 1.52% | 2020-09-24 | 2026-06-16 |
| CVE-2020-15850 | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable. | [email protected] | 7.8 | 0.52% | 2020-09-24 | 2026-06-16 |