CVE-2024-48248
is CVE-2024-48248real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2024-48248)<a href="https://www.truepositive.app/cve/CVE-2024-48248"><img src="https://www.truepositive.app/cve/CVE-2024-48248/badge.svg" alt="TruePositive verdict for CVE-2024-48248"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
3 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
to add your verdict.
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Confirmed exploited in the wild — listed in the CISA KEV catalog (added 2025-03-19). Treat as real and prioritize patching over triage.
Related CVEs
Same weakness — CWE-36.
- CVE-2024-13159CVSS 9.8KEVEPSS 100%
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
- CVE-2018-20250CVSS 7.8KEVEPSS 96%
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
- CVE-2024-13160CVSS 9.8KEVEPSS 90%
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
- CVE-2024-13161CVSS 9.8KEVEPSS 89%
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.