All the vulnerabilites related to Nimesa - Nimesa Backup and Recovery
cve-2025-48501
Vulnerability from cvelistv5
Published
2025-07-07 04:51
Modified
2025-07-07 17:51
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Nimesa | Nimesa Backup and Recovery | |
| Nimesa | Nimesa Backup and Recovery |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:50:54.621360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:51:06.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:51:39.574Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-48501",
"datePublished": "2025-07-07T04:51:39.574Z",
"dateReserved": "2025-07-02T08:23:23.992Z",
"dateUpdated": "2025-07-07T17:51:06.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-53473
Vulnerability from cvelistv5
Published
2025-07-07 04:52
Modified
2025-07-07 17:15
Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
EPSS score ?
Summary
Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:14:38.882743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:15:06.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "prior to v3.0.2025062305"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:52:00.334Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53473",
"datePublished": "2025-07-07T04:52:00.334Z",
"dateReserved": "2025-07-02T08:23:23.156Z",
"dateUpdated": "2025-07-07T17:15:06.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2025-000047
Vulnerability from jvndb
Published
2025-07-07 15:26
Modified
2025-07-07 15:26
Severity ?
Summary
Multiple vulnerabilities in Nimesa Backup and Recovery
Details
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below.<ul><li>OS command injection (CWE-78) - CVE-2025-48501</li><li>Server-side request forgery (CWE-918) - CVE-2025-53473</li></ul>
Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN88251376/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-48501 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-53473 | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Nimesa | Nimesa Backup and Recovery |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000047.html",
"dc:date": "2025-07-07T15:26+09:00",
"dcterms:issued": "2025-07-07T15:26+09:00",
"dcterms:modified": "2025-07-07T15:26+09:00",
"description": "Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2025-48501\u003c/li\u003e\u003cli\u003eServer-side request forgery (CWE-918) - CVE-2025-53473\u003c/li\u003e\u003c/ul\u003e\r\nKentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000047.html",
"sec:cpe": {
"#text": "cpe:/a:misc:nimesa_nimesa_backup_and_recovery",
"@product": "Nimesa Backup and Recovery",
"@vendor": "Nimesa",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88251376/index.html",
"@id": "JVN#88251376",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-48501",
"@id": "CVE-2025-48501",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53473",
"@id": "CVE-2025-53473",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Nimesa Backup and Recovery"
}