Search criteria
5 vulnerabilities found for Nimesa Backup and Recovery by Nimesa
JVNDB-2025-000047
Vulnerability from jvndb - Published: 2025-07-07 15:26 - Updated:2025-07-07 15:26
Severity ?
Summary
Multiple vulnerabilities in Nimesa Backup and Recovery
Details
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2025-48501
- Server-side request forgery (CWE-918) - CVE-2025-53473
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000047.html",
"dc:date": "2025-07-07T15:26+09:00",
"dcterms:issued": "2025-07-07T15:26+09:00",
"dcterms:modified": "2025-07-07T15:26+09:00",
"description": "Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2025-48501\u003c/li\u003e\u003cli\u003eServer-side request forgery (CWE-918) - CVE-2025-53473\u003c/li\u003e\u003c/ul\u003e\r\nKentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000047.html",
"sec:cpe": {
"#text": "cpe:/a:misc:nimesa_nimesa_backup_and_recovery",
"@product": "Nimesa Backup and Recovery",
"@vendor": "Nimesa",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88251376/index.html",
"@id": "JVN#88251376",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-48501",
"@id": "CVE-2025-48501",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53473",
"@id": "CVE-2025-53473",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Nimesa Backup and Recovery"
}
CVE-2025-53473 (GCVE-0-2025-53473)
Vulnerability from cvelistv5 – Published: 2025-07-07 04:52 – Updated: 2025-07-07 17:15
VLAI?
Summary
Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
Severity ?
CWE
- CWE-918 - Server-side request forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Nimesa | Nimesa Backup and Recovery |
Affected:
prior to v3.0.2025062305
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:14:38.882743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:15:06.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "prior to v3.0.2025062305"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:52:00.334Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53473",
"datePublished": "2025-07-07T04:52:00.334Z",
"dateReserved": "2025-07-02T08:23:23.156Z",
"dateUpdated": "2025-07-07T17:15:06.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48501 (GCVE-0-2025-48501)
Vulnerability from cvelistv5 – Published: 2025-07-07 04:51 – Updated: 2025-07-07 17:51
VLAI?
Summary
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Nimesa | Nimesa Backup and Recovery |
Affected:
v2.3
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:50:54.621360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:51:06.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:51:39.574Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-48501",
"datePublished": "2025-07-07T04:51:39.574Z",
"dateReserved": "2025-07-02T08:23:23.992Z",
"dateUpdated": "2025-07-07T17:51:06.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53473 (GCVE-0-2025-53473)
Vulnerability from nvd – Published: 2025-07-07 04:52 – Updated: 2025-07-07 17:15
VLAI?
Summary
Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.
Severity ?
CWE
- CWE-918 - Server-side request forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Nimesa | Nimesa Backup and Recovery |
Affected:
prior to v3.0.2025062305
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:14:38.882743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:15:06.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "prior to v3.0.2025062305"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:52:00.334Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53473",
"datePublished": "2025-07-07T04:52:00.334Z",
"dateReserved": "2025-07-02T08:23:23.156Z",
"dateUpdated": "2025-07-07T17:15:06.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48501 (GCVE-0-2025-48501)
Vulnerability from nvd – Published: 2025-07-07 04:51 – Updated: 2025-07-07 17:51
VLAI?
Summary
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Nimesa | Nimesa Backup and Recovery |
Affected:
v2.3
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T17:50:54.621360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:51:06.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.3"
}
]
},
{
"product": "Nimesa Backup and Recovery",
"vendor": "Nimesa",
"versions": [
{
"status": "affected",
"version": "v2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T04:51:39.574Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://aws.amazon.com/marketplace/seller-profile?id=08fb48d1-5d60-4feb-93c6-c0c219278a2c"
},
{
"url": "https://jvn.jp/en/jp/JVN88251376/"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-48501",
"datePublished": "2025-07-07T04:51:39.574Z",
"dateReserved": "2025-07-02T08:23:23.992Z",
"dateUpdated": "2025-07-07T17:51:06.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}