Cyber Security News

Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code

A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users.

This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users.

The severity of this issue is underscored by a CVSS v3.1 score of 9.9, indicating a high level of risk.

The vulnerability has been documented with the relevant details as follows: it affects Veeam Backup & Replication versions 12, 12.1, 12.2, and 12.3.

This issue was reported by Piotr Bazydlo of watchTowr, highlighting the importance of community engagement in identifying and addressing security issues.

Affected Product

Product NameCVEAffected Versions
Veeam Backup & ReplicationCVE-2025-2312012, 12.1, 12.2, 12.3

This vulnerability specifically impacts domain-joined backup servers, which contradicts the Security & Compliance Best Practices.

Organizations must ensure their systems are not configured in this manner to mitigate potential risks.

CVE-2025-23120 allows authenticated domain users to execute malicious code remotely. This level of vulnerability can lead to significant security breaches if exploited.

Given that it can be triggered by authenticated users, the risk is heightened for environments where domain access is not tightly controlled.

The vulnerability was reported by Piotr Bazydlo of watchTowr, highlighting the importance of community engagement in identifying and addressing security issues.

Solution

The vulnerability has been addressed in the latest update. Users are urged to upgrade to Veeam Backup & Replication version 12.3.1 (build 12.3.1.1139) to mitigate this risk.

It is essential for all users, particularly those running previous versions of the software, to apply this update as soon as possible.

Veeam Software emphasizes its commitment to customer security through proactive measures. These include a Vulnerability Disclosure Program (VDP) and rigorous internal code audits.

The company’s transparency in disclosing vulnerabilities and providing mitigation advice helps protect customers against potential threats.

In light of this critical vulnerability, it is imperative for organizations to prioritize updates and follow best practices to ensure their systems remain secure.

Once vulnerabilities are disclosed, attackers often attempt to exploit unpatched systems, making timely patch application crucial.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…

4 hours ago

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…

4 hours ago

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s Black…

4 hours ago

“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals and…

4 hours ago

Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs (Uniform…

4 hours ago

VMware Tools Vulnerability Allows Attackers to Modify Files and Launch Malicious Operations

Broadcom-owned VMware has released security patches addressing a moderate severity insecure file handling vulnerability in…

6 hours ago