Wednesday, May 21, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityVeeam Backup Vulnerability Allows Attackers to Execute Arbitrary Code

Veeam Backup Vulnerability Allows Attackers to Execute Arbitrary Code

CVE/vulnerabilityCyber Security NewsVulnerability

Published on

By Divya
Veeam Backup Vulnerability Allows Attackers to Execute Arbitrary Code

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical vulnerability, CVE-2025-23114, has been discovered within the Veeam Updater component that poses a serious risk to organizations utilizing Veeam’s backup solutions.

The flaw allows attackers to leverage a Man-in-the-Middle (MitM) attack to inject and execute arbitrary code with root-level permissions on the affected appliance server.

The vulnerability, reported through HackerOne by security researcher @putsi, has been assigned a CVSS v3.1 severity score of 9.0, categorizing it as critical.

- Advertisement - Google News

Affected Products

Current Releases

The vulnerability impacts the current and older versions of Veeam Backup for Salesforce (3.1 and older).

Previous Releases

Older releases of other Veeam backup products, utilizing outdated Veeam Updater components, are also vulnerable. An update to the latest version of these products addresses the issue.

  • Veeam Backup for Nutanix AHV (Versions 5.0, 5.1)
    • Fixed in version 6 or higher (released August 24, 2024).
  • Veeam Backup for AWS (Versions 6a, 7)
    • Fixed in version 8 (released July 2, 2024).
  • Veeam Backup for Microsoft Azure (Versions 5a, 6)
    • Fixed in version 7 (released July 2, 2024).
  • Veeam Backup for Google Cloud (Versions 4, 5)
    • Fixed in version 6 (released December 3, 2024).
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (Versions 3, 4.0, 4.1)
    • Fixed in version 5 or higher (released August 24, 2024).

Veeam has addressed the vulnerability by releasing updated versions of the Veeam Updater component. The patched versions include:

  • Veeam Backup for Salesforce: Version 7.9.0.1124
  • Veeam Backup for Nutanix AHV: Version 9.0.0.1125
  • Veeam Backup for AWS: Version 9.0.0.1126
  • Veeam Backup for Microsoft Azure: Version 9.0.0.1128
  • Veeam Backup for Google Cloud: Version 9.0.0.1128
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: Version 9.0.0.1127

Users are advised to check for updates via the built-in Veeam Updater. To confirm the Veeam Updater version in use, review the update logs or history.

CVE-2025-23114 serves as a critical reminder for organizations to stay vigilant against software vulnerabilities by ensuring timely updates. Veeam has urged its users to upgrade to the latest versions immediately to mitigate the risk of exploitation.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Browser

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party...
API

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs...
Cyber Attack

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate...
cyber security

PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram

A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Browser

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party...
API

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs...
Cyber Attack

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved