CVE-2025-48501
CRITICALNimesa Backup and Recovery <2.4 - Command Injection
Title source: llmDescription
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
References (2)
Core 2
Core References
Various Sources
https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c
Third Party Advisory
https://jvn.jp/en/jp/JVN88251376/
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
Nimesa/Nimesa Backup and Recovery
v2.3
Nimesa/Nimesa Backup and Recovery
v2.4
Published
Jul 07, 2025
Tracked Since
Feb 18, 2026