A serious vulnerability has been discovered in Veeam Backup & Replication software, posing a significant threat to users. This vulnerability, identified as CVE-2025-23120, permits remote code execution (RCE) by authenticated domain users. The severity of this issue is highlighted by a CVSS v3.1 score of 9.9, indicating a high level of risk.
Affected Versions and Impact
The vulnerability affects the following versions of Veeam Backup & Replication:
- 12
- 12.1
- 12.2
- 12.3
This flaw specifically targets domain-joined backup servers, which contradicts established Security & Compliance Best Practices. Organizations must review their configurations to mitigate potential risks.
Details of Veeam Backup & Replication Vulnerability
CVE-2025-23120 allows authenticated domain users to execute malicious code remotely. This level of access can lead to significant security breaches if exploited. The risk is heightened in environments where domain access is not tightly controlled.
Piotr Bazydlo from watchTowr reported this critical vulnerability, underscoring the importance of community engagement in identifying security issues.
Recommended Actions for Users
Veeam has addressed this vulnerability in a recent update. Users are strongly urged to upgrade to Veeam Backup & Replication version 12.3.1 (build 12.3.1.1139) to mitigate this risk effectively.
Veeam Software emphasizes its commitment to customer security through proactive measures, including a Vulnerability Disclosure Program (VDP) and rigorous internal code audits. The company’s transparency in disclosing vulnerabilities and offering mitigation advice plays a crucial role in protecting customers against potential threats.
In light of this critical vulnerability, organizations must prioritize applying updates and following best practices to ensure their systems remain secure. Once vulnerabilities are disclosed, attackers often attempt to exploit unpatched systems, making timely patch application essential.
Learn more on best practices to secure your organization.
