Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code

A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users.

This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users.

The severity of this issue is underscored by a CVSS v3.1 score of 9.9, indicating a high level of risk.

The vulnerability has been documented with the relevant details as follows: it affects Veeam Backup & Replication versions 12, 12.1, 12.2, and 12.3.

This issue was reported by Piotr Bazydlo of watchTowr, highlighting the importance of community engagement in identifying and addressing security issues.

Affected Product

Product Name	CVE	Affected Versions
Veeam Backup & Replication	CVE-2025-23120	12, 12.1, 12.2, 12.3

This vulnerability specifically impacts domain-joined backup servers, which contradicts the Security & Compliance Best Practices.

Organizations must ensure their systems are not configured in this manner to mitigate potential risks.

CVE-2025-23120 allows authenticated domain users to execute malicious code remotely. This level of vulnerability can lead to significant security breaches if exploited.

Given that it can be triggered by authenticated users, the risk is heightened for environments where domain access is not tightly controlled.

The vulnerability was reported by Piotr Bazydlo of watchTowr, highlighting the importance of community engagement in identifying and addressing security issues.

Solution

The vulnerability has been addressed in the latest update. Users are urged to upgrade to Veeam Backup & Replication version 12.3.1 (build 12.3.1.1139) to mitigate this risk.

It is essential for all users, particularly those running previous versions of the software, to apply this update as soon as possible.

Veeam Software emphasizes its commitment to customer security through proactive measures. These include a Vulnerability Disclosure Program (VDP) and rigorous internal code audits.

The company’s transparency in disclosing vulnerabilities and providing mitigation advice helps protect customers against potential threats.

In light of this critical vulnerability, it is imperative for organizations to prioritize updates and follow best practices to ensure their systems remain secure.

Once vulnerabilities are disclosed, attackers often attempt to exploit unpatched systems, making timely patch application crucial.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free