JPCERT/CC has issued a warning about two serious vulnerabilities in the Nimesa Backup and Recovery solution, a widely used disaster recovery and backup platform for enterprise applications on AWS. The affected versions, now officially unsupported by the vendor, expose systems to severe risks including remote code execution and internal request forgery.
The first flaw is tracked as CVE-2025-48501 and has a CVSS score of 9.8. This critical-rated vulnerability affects versions 2.3 and 2.4 of Nimesa Backup and Recovery and allows an attacker to execute arbitrary operating system commands on the host machine. Given its high CVSS score, this flaw poses an immediate threat to the confidentiality, integrity, and availability of systems running the vulnerable software.
A second vulnerability, tracked as CVE-2025-53473 (CVSS 7.3), is present in versions 2.3 and 2.4 and in all releases prior to v3.0.2025062305, and enables Server-Side Request Forgery (SSRF). Malicious actors could leverage this flaw to trick the application into sending unintended requests to internal services, potentially revealing sensitive internal infrastructure or enabling further attacks.
JPCERT/CC notes that “the affected versions are no longer supported”, meaning organizations still relying on these legacy releases are at elevated risk.
The advisory strongly recommends upgrading to the latest supported version of Nimesa Backup and Recovery. Users should also conduct internal audits to detect potential exploitation attempts and review their access controls for backup servers.