Veeam Software has released an urgent update for its backup platform after discovering a serious vulnerability (CVE-2025-23121) that allowed remote code execution (RCE) on backup servers, posing a potential high-risk impact for thousands of organizations globally.
A Critical Vulnerability, CVSS Score 9.9
The security flaw, rated with a CVSS of 9.9 out of 10, affects all versions prior to 12.3.2 (build 12.3.2.3617) of Veeam Backup & Replication, including the popular version 12.3.1.1139. According to the company, the vulnerability enables an authenticated domain user to execute arbitrary code on the backup server, completely compromising the data backup infrastructure.
The vulnerability was reported by the security teams at CODE WHITE GmbH and watchTowr, who alerted to the possibility that the previous patch for a similar vulnerability (CVE-2025-23120) could be bypassed, leaving the door open for targeted attacks even after recent updates.
Additional Vulnerabilities Fixed
Alongside this critical flaw, Veeam has addressed two other relevant vulnerabilities:
CVE-2025-24286 (CVSS 7.2): allowed an authenticated user with Backup Operator role to modify backup jobs and execute arbitrary code.
- CVE-2025-24287 (CVSS 6.1): affected Veeam Agent for Microsoft Windows, enabling local users to modify directories and execute code with elevated permissions. This last vulnerability has been fixed in version 6.3.2 (build 6.3.2.1205) of the agent.
Importance and Risks
According to data from Rapid7, over 20% of their incident response cases in 2024 were related to the exploitation or access to Veeam systems, demonstrating the attractiveness of this platform for cybercriminals once they gain initial access to a corporate environment.
The importance of updating is paramount, as after the patch release and public disclosure of the flaw, attackers quickly begin to analyze and attempt to exploit installations that have not been updated.
Recommendations for Administrators
Update immediately to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617) or higher.
Also verify the update of Veeam Agent for Microsoft Windows to version 6.3.2.
Follow security best practices: restrict access to backup servers, use service accounts with minimum privileges, and monitor access logs.
- Stay informed of future security notices and vulnerabilities related to backup infrastructure.
Veeam’s Commitment to Transparency
Veeam reminded in their statement that they maintain a responsible disclosure program for vulnerabilities (VDP) and perform code audits to ensure the protection of their customers. Whenever a vulnerability is discovered, the company publishes technical details and recommendations, emphasizing the importance of applying patches without delay to prevent reverse engineering of the patch and subsequent attacks.
In a context where backup has become one of the primary targets of ransomware and other advanced threats, keeping Veeam updated and auditing access is essential for protecting the digital assets of any organization.
Source: Veeam