Veeam Patches Critical RCE Vulnerability in Backup & Replication

Friday, June 20, 2025

Veeam has released a security update to address a critical vulnerability in its Backup & Replication product. The flaw, tracked as CVE-2025-23121 and rated CVSS 9.9, allows authenticated domain users to execute arbitrary code remotely on the Backup Server, potentially leading to full system compromise. This vulnerability affects versions 12.3.1.1139 and older 12.x releases.

The issue was discovered by researchers from CODE WHITE GmbH, and further analysis by watchTowr revealed that CVE-2025-23121 results from a bypass of a previously patched vulnerability (CVE-2025-23120), which was addressed in March 2025. Both vulnerabilities allow domain-authenticated users to perform Remote Code Execution (RCE).

Veeam also fixed two additional vulnerabilities:

  • CVE-2025-24286 (CVSS 7.2): Found in Backup & Replication, this flaw allows Backup Operators to modify jobs in a way that enables arbitrary code execution. Discovered by Nikolai Skliarenko from Trend Micro.
  • CVE-2025-24287 (CVSS 6.1): Found in Veeam Agent for Microsoft Windows, this local privilege escalation vulnerability enables a local user to manipulate files in specific directories to gain elevated execution rights. Reported by CrisprXiang via Trend Micro’s Zero Day Initiative.

System administrators are strongly urged to upgrade to the latest versions immediately to mitigate the risk of exploitation, especially given the potential for attackers to use these vulnerabilities in coordinated attacks across enterprise environments.
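To turn the affected-version statement above into a repeatable check, here is an added example (not from the article or from Veeam) that triages a backup-server inventory against the advisory's range: any 12.x build at or below 12.3.1.1139 is flagged as affected, higher 12.x builds as outside the stated range, and anything else (other major versions, unparseable strings) as unknown, since the article only describes 12.x. The inventory and host names are constructed sample data; the version strings other than 12.3.1.1139 are made up for illustration and are not real release or fix builds.

```python
"""Triage Veeam Backup & Replication hosts against the CVE-2025-23121 affected range.

Added example; the advisory text states only that 12.3.1.1139 and older 12.x
releases are affected, so that is the only fact encoded here.
"""
from __future__ import annotations

from typing import Dict, Iterable, List, Optional, Tuple

# Highest affected build named in the advisory; all older 12.x builds are affected too.
AFFECTED_MAX = "12.3.1.1139"
AFFECTED_MAJOR = 12


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '12.3.1.1139' into (12, 3, 1, 1139).

    Raises ValueError on anything that is not purely numeric dotted components,
    so inventory noise ('n/a', 'unknown') is never silently treated as a version.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def _padded(v: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '12.3' compares as 12.3.0.0 against four-part builds."""
    return v + (0,) * (width - len(v))


def is_affected(version: str) -> Optional[bool]:
    """True if the build is in the advisory's affected range, False if it is a
    higher 12.x build, None if the major version is not covered by the advisory."""
    v = parse_version(version)
    limit = parse_version(AFFECTED_MAX)
    if v[0] != AFFECTED_MAJOR:
        return None
    width = max(len(v), len(limit))
    return _padded(v, width) <= _padded(limit, width)


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs into affected / outside_range / unknown."""
    result: Dict[str, List[str]] = {"affected": [], "outside_range": [], "unknown": []}
    for host, version in inventory:
        try:
            status = is_affected(version)
        except ValueError:
            result["unknown"].append(host)
            continue
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["affected"].append(host)
        else:
            result["outside_range"].append(host)
    return result


# Constructed sample inventory (hostnames and all versions except 12.3.1.1139 are made up).
SAMPLE_INVENTORY = [
    ("bkp-01", "12.3.1.1139"),  # exactly the build named in the advisory
    ("bkp-02", "12.2.0.334"),   # constructed older 12.x build
    ("bkp-03", "12.3.2.1"),     # constructed higher 12.x build; not a real fix version
    ("bkp-04", "13.0.0.4"),     # constructed; major not covered by the advisory text
    ("bkp-05", "n/a"),          # inventory noise, must not be mis-read as patched
    ("bkp-06", "12.3"),         # short string, pads to 12.3.0.0 and is therefore affected
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:14s} {', '.join(hosts) or '-'}")
```

Hosts landing in the `unknown` bucket need a manual look rather than being assumed safe; the point of the separate bucket is that a blank or malformed version field in an inventory export should never be counted as patched.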

Source: https://securityaffairs.com/179109/security/watch-out-veeam-fixed-a-new-critical-bug-in-backup-replication-product.html