NAKIVO
Company Details
Linkedin ID:
nakivo
Website:
Employees number:
176
Number of followers:
8,548
NAICS:
5112
Industry Type:
Homepage:
nakivo.com
IP Addresses:
0
Company ID:
NAK_1929798
Scan Status:
In-progress
NAKIVO Company CyberSecurity Posture
nakivo.com
NAKIVO is a US-based corporation dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments. As one of the fastest-growing backup and ransomware recovery software vendors in the industry, NAKIVO boasts 24 consecutive quarters of double-digit growth, 5-star online community reviews, 98% customer satisfaction with support and a network of over 8000 partners worldwide. Over 30,000 active customers in 183 countries trust NAKIVO with protecting their data, including major companies like Honda, Cisco, Coca-Cola and Siemens.
NAKIVO A.I CyberSecurity Scoring
NAKIVO Risk Score (AI oriented)Between 750 and 799
NAKIVO
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NAKIVO Global Score (TPRM)XXXX
NAKIVO
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NAKIVO Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Nakivo
Vulnerability
Rankiteo Explanation
Attack threatening the organization’s existence
Description: A critical vulnerability identified as CVE-2024-48248 in Nakivo Backup & Replication allows for unauthenticated arbitrary file reads, potentially leading to sensitive data exposure. Despite the severity, Nakivo was initially unresponsive and later resolved the issue silently, compromising transparency. The lack of a public advisory continued to leave many systems at risk. Discovered by watchTowr Labs, this flaw affects numerous versions and has been found in over 200 instances globally, with significant concentrations in France and the United States. The vulnerability provides attackers access to crucial system files and backup data, posing a high risk of data breach and infrastructure compromise.
NAKIVO
Vulnerability
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The critical vulnerability identified in NAKIVO Backup and Replication solutions, labeled as CVE-2024-48248, can result in unauthorized arbitrary file reads from vulnerable systems. This vulnerability was actively exploited, thereby allowing attackers to access sensitive files that could include credentials and configuration data. Impact of this vulnerability could extend to sensitive data exposure, and potentially be leveraged in ransomware attacks that could disable recovery options and extract valuable data such as database credentials, AWS keys, and SSH keys. Organizations using the affected versions were urged to update to patch the flaw and secure their backup infrastructure.
NAKIVO Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NAKIVO
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for NAKIVO in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for NAKIVO in 2025.
Incident Types NAKIVO vs Software Development Industry Avg (This Year)
No incidents recorded for NAKIVO in 2025.
Incident History — NAKIVO (X = Date, Y = Severity)
NAKIVO cyber incidents detection timeline including parent company and subsidiaries
NAKIVO Company Subsidiaries
NAKIVO is a US-based corporation dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments. As one of the fastest-growing backup and ransomware recovery software vendors in the industry, NAKIVO boasts 24 consecutive quarters of double-digit growth, 5-star online community reviews, 98% customer satisfaction with support and a network of over 8000 partners worldwide. Over 30,000 active customers in 183 countries trust NAKIVO with protecting their data, including major companies like Honda, Cisco, Coca-Cola and Siemens.
Loading...
NAKIVO Similar Companies
Atlassian powers the collaboration that helps teams accomplish what would otherwise be impossible alone. From space missions and motor racing to bugs in code and IT requests, no task is too large or too small with the right team, the right tools, and the right practices. Over 300,000 global compa
HubSpot
HubSpot is a leading CRM platform that provides software and support to help businesses grow better. Our platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth. Today, thousands of customers around th
Grab
Grab is Southeast Asia’s leading superapp, offering a suite of services consisting of deliveries, mobility, financial services, enterprise and others. Grabbers come from all over the world, and we are united by a common mission: to drive Southeast Asia forward by creating economic empowerment for ev
TOTVS
Olá, somos a TOTVS! A maior empresa de tecnologia do Brasil. 🤓 Líder absoluta em sistemas e plataformas para empresas, a TOTVS possui mais de 70 mil clientes. Indo muito além do ERP, oferece tecnologia completa para digitalização dos negócios por meio de 3 unidades de negócio: - Gestão: ERPs, sol
Bosch USA
The Bosch Group’s strategic objective is to create solutions for a connected life. Bosch improves quality of life worldwide with innovative products and services that are "Invented for life" and spark enthusiasm. Podcast: http://bit.ly/beyondbosch Imprint: https://www.bosch.us/corporate-informatio
Dassault Systèmes
Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create
NiCE
NiCE is transforming the world with AI that puts people first. Our purpose-built AI-powered platforms automate engagements into proactive, safe, intelligent actions, empowering individuals and organizations to innovate and act, from interaction to resolution. Trusted by organizations throughout 150
PhonePe Group is India’s leading fintech company, proudly recognized as India’s #1 Trusted Digital Payments* Brand for three consecutive years. Our flagship product, the PhonePe app was launched in August 2016, has rapidly become the preferred consumer payments app in India. In just eight years, Pho
Just Eat Takeaway.com
Just Eat Takeaway.com is a leading global online delivery marketplace, connecting consumers and restaurants through our platform in 19 countries. Like a dinner table, working at JET brings our office employees and couriers together. From coding to customer service to couriers, JET is a
.png)
NAKIVO CyberSecurity News
November 14, 2025 08:00 AM
Markets round-up for the week: 14 November - Hammer, Rubrik, NAKIVO...
Channel-based firms continue to report growth and new alliances with technology partners to help tackle emerging markets.
November 09, 2025 08:00 AM
NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features
NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical...
October 29, 2025 06:50 AM
Palo Alto Networks introduces AI-driven Agents to automate response against Cyber Attacks
Palo Alto Networks, a leading American cybersecurity company, is pioneering the integration of Artificial Intelligence (AI) in the realm of network and...
October 15, 2025 04:09 AM
NAKIVO Unveils v11.1 with Advanced Disaster Recovery and MSP Functionalities
The newest version includes five additional languages, introduces more Proxmox VE backup and recovery functions, automates real-time replication,...
October 10, 2025 10:09 AM
NAKIVO Releases v11.1 with Enhanced Disaster Recovery and MSP Capabilities
This latest update adds 5 new languages to the interface, more Proxmox VE backup and recovery options, automated real-time replication, enhanced MSP direct...
October 06, 2025 07:00 AM
NAKIVO and its latest Backup & Replication software
NAKIVO has announced v11.1 of its Backup & Replication software and so we thought it would be. a good time to take a look at the company.
September 15, 2025 07:00 AM
Data protection providers sign new channel deals with CrowdStrike
Rubrik and NinjaOne have struck channel technology deals with CrowdStrike. First, Rubrik has announced an expanded integration with the...
July 02, 2025 07:00 AM
Celerity creates £50m-sales company with acquisition of Silverstring
UK-based IT services provider Celerity has acquired cyber firm Silverstring. Founded in 2002, Celerity focuses on cybersecurity and hybrid cloud systems.
March 20, 2025 07:00 AM
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NAKIVO CyberSecurity History Information
Official Website of NAKIVO
The official website of NAKIVO is https://www.nakivo.com.
NAKIVO’s AI-Generated Cybersecurity Score
According to Rankiteo, NAKIVO’s AI-generated cybersecurity score is 750, reflecting their Fair security posture.
How many security badges does NAKIVO’ have ?
According to Rankiteo, NAKIVO currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does NAKIVO have SOC 2 Type 1 certification ?
According to Rankiteo, NAKIVO is not certified under SOC 2 Type 1.
Does NAKIVO have SOC 2 Type 2 certification ?
According to Rankiteo, NAKIVO does not hold a SOC 2 Type 2 certification.
Does NAKIVO comply with GDPR ?
According to Rankiteo, NAKIVO is not listed as GDPR compliant.
Does NAKIVO have PCI DSS certification ?
According to Rankiteo, NAKIVO does not currently maintain PCI DSS compliance.
Does NAKIVO comply with HIPAA ?
According to Rankiteo, NAKIVO is not compliant with HIPAA regulations.
Does NAKIVO have ISO 27001 certification ?
According to Rankiteo,NAKIVO is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of NAKIVO
NAKIVO operates primarily in the Software Development industry.
Number of Employees at NAKIVO
NAKIVO employs approximately 176 people worldwide.
Subsidiaries Owned by NAKIVO
NAKIVO presently has no subsidiaries across any sectors.
NAKIVO’s LinkedIn Followers
NAKIVO’s official LinkedIn profile has approximately 8,548 followers.
NAICS Classification of NAKIVO
NAKIVO is classified under the NAICS code 5112, which corresponds to Software Publishers.
NAKIVO’s Presence on Crunchbase
No, NAKIVO does not have a profile on Crunchbase.
NAKIVO’s Presence on LinkedIn
Yes, NAKIVO maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/nakivo.
Cybersecurity Incidents Involving NAKIVO
As of November 29, 2025, Rankiteo reports that NAKIVO has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
NAKIVO has an estimated 26,782 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at NAKIVO ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does NAKIVO detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with update to patch the flaw..
Incident Details
Can you provide details on each incident ?
Title: CVE-2024-48248 Vulnerability in Nakivo Backup & Replication
Description: A critical vulnerability identified as CVE-2024-48248 in Nakivo Backup & Replication allows for unauthenticated arbitrary file reads, potentially leading to sensitive data exposure. Despite the severity, Nakivo was initially unresponsive and later resolved the issue silently, compromising transparency. The lack of a public advisory continued to leave many systems at risk. Discovered by watchTowr Labs, this flaw affects numerous versions and has been found in over 200 instances globally, with significant concentrations in France and the United States. The vulnerability provides attackers access to crucial system files and backup data, posing a high risk of data breach and infrastructure compromise.
Type: Vulnerability Exploitation
Attack Vector: Unauthenticated Arbitrary File Reads
Vulnerability Exploited: CVE-2024-48248
Title: NAKIVO Backup and Replication Vulnerability (CVE-2024-48248)
Description: The critical vulnerability identified in NAKIVO Backup and Replication solutions, labeled as CVE-2024-48248, can result in unauthorized arbitrary file reads from vulnerable systems. This vulnerability was actively exploited, thereby allowing attackers to access sensitive files that could include credentials and configuration data. Impact of this vulnerability could extend to sensitive data exposure, and potentially be leveraged in ransomware attacks that could disable recovery options and extract valuable data such as database credentials, AWS keys, and SSH keys. Organizations using the affected versions were urged to update to patch the flaw and secure their backup infrastructure.
Type: Vulnerability Exploitation
Attack Vector: Unauthorized Arbitrary File Reads
Vulnerability Exploited: CVE-2024-48248
Motivation: Data ExfiltrationPotential Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploitation NAK408030225
Data Compromised: System files, Backup data
Systems Affected: Nakivo Backup & Replication
Incident : Vulnerability Exploitation NAK443032025
Data Compromised: Credentials, Configuration data, Database credentials, Aws keys, Ssh keys
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are System Files, Backup Data, , Credentials, Configuration Data, Database Credentials, Aws Keys, Ssh Keys and .
Which entities were affected by each incident ?
Incident : Vulnerability Exploitation NAK408030225
Entity Name: Nakivo
Entity Type: Software Company
Industry: Technology
Location: FranceUnited States
Incident : Vulnerability Exploitation NAK443032025
Entity Name: NAKIVO
Entity Type: Software Vendor
Industry: Technology
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploitation NAK443032025
Remediation Measures: Update to patch the flaw
Data Breach Information
What type of data was compromised in each breach ?
Incident : Vulnerability Exploitation NAK408030225
Type of Data Compromised: System files, Backup data
Sensitivity of Data: High
Incident : Vulnerability Exploitation NAK443032025
Type of Data Compromised: Credentials, Configuration data, Database credentials, Aws keys, Ssh keys
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Update to patch the flaw, .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Vulnerability Exploitation NAK443032025
Data Exfiltration: True
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Vulnerability Exploitation NAK443032025
Recommendations: Update to patch the flaw, Secure backup infrastructureUpdate to patch the flaw, Secure backup infrastructure
References
Where can I find more information about each incident ?
Incident : Vulnerability Exploitation NAK408030225
Source: watchTowr Labs
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: watchTowr Labs.
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were System files, Backup data, , Credentials, Configuration Data, Database Credentials, AWS Keys, SSH Keys and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Database Credentials, AWS Keys, SSH Keys, System files, Backup data, Credentials and Configuration Data.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Secure backup infrastructure and Update to patch the flaw.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is watchTowr Labs.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Risk Information
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nakivo' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
