Platform
other
Component
nimesa-backup-and-recovery
Fixed in
3.0.2025062306
2.3.1
2.4.1
A server-side request forgery (SSRF) vulnerability has been identified in multiple versions of Nimesa Backup and Recovery. The flaw lets an attacker supply crafted requests that the server then issues on the attacker's behalf, potentially reaching internal resources. Versions of Nimesa Backup and Recovery prior to 3.0.2025062305 are affected. A patch has been released to address this vulnerability.
The SSRF vulnerability in Nimesa Backup and Recovery allows an attacker to bypass security controls and make requests to internal systems that are not directly accessible from the outside. This could lead to the exposure of sensitive data stored on internal servers, such as configuration files, database credentials, or even internal application data. An attacker could potentially use this vulnerability to scan internal networks, identify other vulnerable services, and ultimately achieve lateral movement within the organization. The blast radius extends to any internal resource accessible through the Nimesa Backup and Recovery server.
The vulnerability was publicly disclosed on 2025-07-07. Exploitation probability is currently assessed as medium, given the nature of SSRF and the potential for relatively easy exploitation. No public proof-of-concept code has been released at the time of writing, but SSRF vulnerabilities are frequently targeted. Monitor security advisories and threat intelligence feeds for any indication of active exploitation campaigns.
Organizations utilizing Nimesa Backup and Recovery for data protection, particularly those with sensitive internal resources accessible through the backup server, are at risk. Shared hosting environments where multiple users share the same Nimesa Backup and Recovery instance are also particularly vulnerable.
disclosure
Exploit Status
EPSS
0.06% (17th percentile)
The primary mitigation for CVE-2025-53473 is to upgrade Nimesa Backup and Recovery to version 3.0.2025062305 or later. If upgrading immediately is not feasible, consider temporary workarounds such as restricting outbound network access from the Nimesa Backup and Recovery server with a firewall or web application proxy. Configure the proxy to block requests to internal IP addresses or to specific internal services. Regularly review and audit the Nimesa Backup and Recovery configuration to ensure that it adheres to security best practices. After upgrading, confirm the fix by verifying that the Nimesa Backup and Recovery server no longer initiates requests to internal resources.
Update Nimesa Backup and Recovery to version 3.0.2025062305 or later. This fixes the SSRF vulnerability and prevents unintended requests from being sent to internal servers. See the references provided for further details and upgrade instructions.
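The egress restriction the mitigation above describes (refusing outbound requests whose destination falls in an internal address range, including names that resolve to one) can be expressed as a pre-request check; this is an added example, not code from Nimesa or from the advisory, and the blocked ranges, the `.example` hosts and the `FAKE_DNS` table are constructed assumptions:

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges an egress filter in front of a backup server should refuse to reach
# (loopback, RFC 1918, link-local, CGNAT); assumed for this example only.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96")]  # /96 = IPv4-mapped

def is_internal_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETWORKS)

def resolve_all(host: str) -> list[str]:
    # Default resolver: every address the name currently resolves to.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_outbound_url(url: str, resolver=resolve_all) -> tuple[bool, str]:
    """Decide whether the server may fetch url; returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:  # socket.gaierror is an OSError
            return False, f"resolution failed: {exc}"
    # Reject if ANY record is internal; a mixed public/private name must fail.
    # Resolve-then-connect is still racy (DNS rebinding): back it with an egress rule.
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"

FAKE_DNS = {  # constructed table so the example runs offline; not real hosts
    "backup-target.example": ["203.0.113.10"],
    "rebind.example": ["203.0.113.20", "10.0.0.5"]}

def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return FAKE_DNS[host]
```

Calling `check_outbound_url(url)` without the second argument uses live DNS; the same logic is what a forward proxy or egress firewall rule enforces at the network layer, which also covers the rebinding window this in-process check cannot.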
CVE-2025-53473 is a server-side request forgery vulnerability in Nimesa Backup and Recovery versions up to v2.4, allowing attackers to send unintended requests to internal servers.
Yes, if you are using Nimesa Backup and Recovery versions equal to or less than v2.4, you are affected by this SSRF vulnerability.
Upgrade Nimesa Backup and Recovery to version 3.0.2025062305 or later to resolve the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade isn't possible.
While no active exploitation has been confirmed, SSRF vulnerabilities are frequently targeted, so vigilance is advised.
Refer to the official Nimesa Backup and Recovery security advisory for detailed information and updates regarding CVE-2025-53473.