A critical vulnerability, CVE-2025-23120, has been discovered in Veeam Backup & Replication, affecting versions 12, 12.1, 12.2, and 12.3. This flaw allows authenticated domain users to execute remote code, posing a significant security risk with a CVSS v3.1 score of 9.9. The vulnerability targets domain-joined backup servers, which violates Security & Compliance Best Practices, exposing organizations to potential exploitation if systems are improperly configured.
The vulnerability was reported by Piotr Bazydlo of watchTowr, emphasizing the vital role of community collaboration in identifying and addressing security flaws.
This issue is especially dangerous in environments where domain access is not tightly controlled, as it increases the likelihood of unauthorized access and malicious activity. Organizations must ensure their configurations are secure to prevent potential breaches.
Veeam has responded swiftly, releasing an update to address the issue.
Users are urged to upgrade to Veeam Backup & Replication version 12.3.1 (build 12.3.1.1139). This update aims to mitigate the risk of remote code execution, reinforcing the importance of patching vulnerabilities promptly.
Veeam’s proactive approach also includes a Vulnerability Disclosure Program (VDP) and regular internal code audits. These measures reflect the company’s commitment to enhancing customer security. Through transparent disclosures and effective solutions, Veeam works to protect users from potential threats and exploits.
To prevent exploitation, it’s essential for organizations to apply the update as soon as possible. Timely patching can prevent attacks, as cybercriminals often target systems that haven’t been updated. By following Veeam’s advice and maintaining secure configurations, organizations can minimize the risk of falling victim to such vulnerabilities in the future.
