A critical vulnerability, CVE-2025-23114, has been discovered within the Veeam Updater component that poses a serious risk to organizations utilizing Veeam’s backup solutions.
The flaw allows attackers to leverage a Man-in-the-Middle (MitM) attack to inject and execute arbitrary code with root-level permissions on the affected appliance server.
The vulnerability, reported through HackerOne by security researcher @putsi, has been assigned a CVSS v3.1 severity score of 9.0, categorizing it as critical.
Current Releases
The vulnerability impacts the current and older versions of Veeam Backup for Salesforce (3.1 and older).
Previous Releases
Older releases of other Veeam backup products, utilizing outdated Veeam Updater components, are also vulnerable. An update to the latest version of these products addresses the issue.
Veeam has addressed the vulnerability by releasing updated versions of the Veeam Updater component. The patched versions include:
Users are advised to check for updates via the built-in Veeam Updater. To confirm the Veeam Updater version in use, review the update logs or history.
CVE-2025-23114 serves as a critical reminder for organizations to stay vigilant against software vulnerabilities by ensuring timely updates. Veeam has urged its users to upgrade to the latest versions immediately to mitigate the risk of exploitation.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
A sweeping international crackdown, codenamed Operation RapTor, has dealt a significant blow to the criminal…
On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory…
Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on…
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI)…
A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise…
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in…