Published:2025/07/07 Last Updated:2025/07/07
JVN#88251376
Multiple vulnerabilities in Nimesa Backup and Recovery
Overview
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities.
Products Affected
CVE-2025-48501
- Nimesa Backup and Recovery v2.3
- Nimesa Backup and Recovery v2.4
- Nimesa Backup and Recovery versions prior to v3.0.2025062305
- Nimesa Backup and Recovery v2.3
- Nimesa Backup and Recovery v2.4
Description
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below.
- OS command injection (CWE-78)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-48501
- Server-side request forgery (CWE-918)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L Base Score 6.9
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3
- CVE-2025-53473
Impact
- Arbitrary OS commands may be executed on the server where the product is running (CVE-2025-48501)
- Unintended requests may be sent to internal servers (CVE-2025-53473)
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
Nimesa | AWS Marketplace: Nimesa Technology |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2025-48501 |
CVE-2025-53473 |
|
JVN iPedia |
JVNDB-2025-000047 |