Platform: other
Component: nimesa-backup-and-recovery
Fixed in: 3.0.2025062306, 2.3.1, 2.4.1
A server-side request forgery (SSRF) vulnerability has been identified in multiple versions of Nimesa Backup and Recovery. This flaw allows an attacker to craft requests that the server then issues on the attacker's behalf, potentially reaching internal resources. Versions of Nimesa Backup and Recovery prior to 3.0.2025062305 are affected. A patch has been released to address this vulnerability.
The SSRF vulnerability in Nimesa Backup and Recovery allows an attacker to bypass security controls and make requests to internal systems that are not directly accessible from the outside. This could lead to the exposure of sensitive data stored on internal servers, such as configuration files, database credentials, or even internal application data. An attacker could potentially use this vulnerability to scan internal networks, identify other vulnerable services, and ultimately achieve lateral movement within the organization. The blast radius extends to any internal resource accessible through the Nimesa Backup and Recovery server.
The vulnerability was publicly disclosed on 2025-07-07. Exploitation probability is currently assessed as medium, given the nature of SSRF flaws and the potential for relatively easy exploitation. No public proof-of-concept code has been released at the time of writing, but SSRF vulnerabilities are frequently targeted. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS: 0.06% (17th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-53473 is to upgrade Nimesa Backup and Recovery to version 3.0.2025062305 or later. If upgrading immediately is not feasible, consider temporary workarounds such as restricting outbound network access from the Nimesa Backup and Recovery server using a firewall or web application proxy. Configure the proxy to block requests to internal IP addresses or specific internal services. Regularly review and audit the Nimesa Backup and Recovery configuration to ensure that it adheres to security best practices. After upgrading, confirm the fix by verifying that the Nimesa Backup and Recovery server no longer initiates requests to internal resources.
Update Nimesa Backup and Recovery to version 3.0.2025062305 or later. This will correct the SSRF vulnerability and prevent unintended requests from being sent to internal servers. See the provided references for more details and upgrade instructions.
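The workaround above ("block requests to internal IP addresses") and the post-upgrade check ("verify that requests to internal resources are no longer being initiated") both reduce to the same decision: is a given outbound destination internal? The following Python is an added example, not code from Nimesa or from this advisory. It implements that decision as an egress policy check a proxy or filter could apply per URL, and reuses it to scan outbound-request logs for hits on internal targets. The deny-list of address ranges, the log line format (timestamp, source, method, URL, status) and the static DNS table are all assumptions constructed for the example.

```python
"""Egress policy check for an SSRF workaround (added example, not Nimesa's code).

Two things a defender wants from the "restrict outbound access / block internal
targets" mitigation: a decision function a proxy or egress filter can apply to
each outbound URL, and a way to scan outbound-request logs to confirm that the
backup server is no longer reaching internal resources after the upgrade.
"""
import ipaddress
import socket
from urllib.parse import urlparse

# Destination ranges an SSRF egress filter should refuse: RFC 1918 private space,
# loopback, link-local (includes the 169.254.169.254 cloud metadata endpoint),
# CGNAT, the "this network" block, and the IPv6 loopback/ULA/link-local ranges.
# This list is an assumption; extend it with your own internal prefixes.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10",
)]
ALLOWED_SCHEMES = ("http", "https")


def is_internal_address(ip_text):
    """True if the IP literal falls in any blocked range (IPv4-mapped IPv6 unwrapped)."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is judged as 10.0.0.1
    return any(ip in net for net in BLOCKED_NETWORKS)


def default_resolver(host):
    """Live DNS lookup; the sample run below swaps in a static table to stay offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def classify_url(url, resolver=default_resolver):
    """Return ('allow', host) or ('deny', reason) for one outbound request URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return "deny", "scheme %r is not permitted for outbound requests" % parsed.scheme
    host = parsed.hostname  # lowercased; brackets stripped from IPv6 literals
    if not host:
        return "deny", "URL has no host"
    try:
        ipaddress.ip_address(host)
        targets = [host]  # IP literal: no resolution needed
    except ValueError:
        targets = resolver(host)
        if not targets:
            return "deny", "host %s did not resolve" % host
    for ip in targets:  # every answer must be external, not just the first
        if is_internal_address(ip):
            return "deny", "host %s maps to internal address %s" % (host, ip)
    return "allow", host


def flag_internal_requests(log_lines, resolver=default_resolver):
    """Scan outbound-request log lines (URL in the fourth field) and return the
    (line, reason) pairs whose destination the egress policy would deny."""
    flagged = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; not a request record
        verdict, detail = classify_url(fields[3], resolver)
        if verdict == "deny":
            flagged.append((line, detail))
    return flagged


# Constructed sample data (hypothetical): a static DNS table and four proxy log
# lines in the shape "<timestamp> <source> <method> <url> <status>".
STATIC_DNS = {
    "backup-target.example.com": ["203.0.113.10"],
    "intranet-db.corp.example": ["10.20.30.40"],
}
SAMPLE_PROXY_LOG = [
    "2025-07-08T10:01:02Z nimesa-backup GET https://backup-target.example.com/api/status 200",
    "2025-07-08T10:01:05Z nimesa-backup GET http://169.254.169.254/latest/meta-data/ 200",
    "2025-07-08T10:01:09Z nimesa-backup GET http://intranet-db.corp.example/admin 403",
    "2025-07-08T10:02:00Z nimesa-backup GET file:///etc/passwd 500",
]


def static_resolver(host):
    """Offline stand-in for DNS so the sample run needs no network."""
    return STATIC_DNS.get(host, [])


if __name__ == "__main__":
    for line, reason in flag_internal_requests(SAMPLE_PROXY_LOG, static_resolver):
        print("DENY ", reason, "<-", line.split()[3])
```

Two points matter when turning this into a real control. A resolve-then-connect check leaves a window for DNS rebinding, so the proxy should enforce the policy on the address it actually connects to, not only on a pre-check, and it must re-evaluate every redirect hop rather than just the first URL. Hostnames that do not resolve, and schemes other than http/https, are denied rather than passed through, which is the safe default for a backup server that should only be talking to known targets.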
CVE-2025-53473 is a server-side request forgery vulnerability in Nimesa Backup and Recovery versions up to v2.4, allowing attackers to send unintended requests to internal servers.
Yes, if you are using Nimesa Backup and Recovery v2.4 or earlier, you are affected by this SSRF vulnerability.
Upgrade Nimesa Backup and Recovery to version 3.0.2025062305 or later to resolve the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade isn't possible.
While no active exploitation has been confirmed, SSRF vulnerabilities are frequently targeted, so vigilance is advised.
Refer to the official Nimesa Backup and Recovery security advisory for detailed information and updates regarding CVE-2025-53473.