Summary: A critical-severity vulnerability (CVE-2025-23120, CVSS score 9.9) affecting Veeam Backup & Replication can lead to remote code execution by authenticated users. The flaw impacts version 12.3.0.310 and all earlier builds, prompting urgent patching to the newly released version 12.3.1. Organizations are cautioned about the risks associated with this vulnerability, including threats to data integrity and privilege escalation.
Affected: Veeam Backup & Replication 12.3.0.310 and earlier versions
Keypoints:
- Vulnerability allows remote code execution by authenticated users.
- Patch is available in version 12.3.1 (build 12.3.1.1139).
- The product's large deployment footprint makes it a significant target for attackers.
- Backup solutions like Veeam are prime targets for cybercriminals, particularly ransomware groups.
- Organizations should never expose Veeam Backup & Replication to the internet.
- Exploiting this flaw could allow attackers to gain full control over backup infrastructure.
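A triage check for the build numbers above, as an added example that is not part of the original advisory or of any Veeam tooling: it sorts an inventory of backup servers into affected, patched, or needs-review, listing internet-exposed hosts first. The CSV layout, host names and sample builds are constructed assumptions; only 12.3.0.310 and 12.3.1.1139 come from the text.

```python
import csv
import io

# Build numbers from the advisory text above.
LAST_AFFECTED = (12, 3, 0, 310)  # "12.3.0.310 and earlier"
FIXED = (12, 3, 1, 1139)         # "12.3.1 (build 12.3.1.1139)"

# Constructed sample inventory: hosts, builds and exposure flags are made up.
SAMPLE = """host,build,internet_exposed
vbr-01,12.3.0.310,no
vbr-02,12.3.1.1139,no
vbr-03,11.0.1.1261,yes
vbr-04,12.10.0.5,no
vbr-05,unknown,yes
vbr-06,12.3.1,no
"""

def parse_build(text):
    """Return a 4-tuple of ints, or None if text is not a dotted build."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # "12.3.1" -> (12, 3, 1, 0)

def classify(build_text):
    # Tuples compare field by field as numbers; comparing the raw strings
    # would wrongly rank "12.10.0.5" below "12.3.0.310".
    build = parse_build(build_text)
    if build is None:
        return "review"      # unparseable: never assume it is safe
    if build <= LAST_AFFECTED:
        return "affected"
    if build >= FIXED:
        return "patched"
    return "review"          # between the two builds the advisory names

def triage(inventory_csv):
    """Return (host, build, status, exposed) rows, most urgent first."""
    rank = {"affected": 0, "review": 1, "patched": 2}
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        exposed = rec["internet_exposed"].strip().lower() == "yes"
        rows.append((rec["host"], rec["build"], classify(rec["build"]), exposed))
    return sorted(rows, key=lambda r: (rank[r[2]], not r[3], r[0]))

if __name__ == "__main__":
    for host, build, status, exposed in triage(SAMPLE):
        print(f"{status:9}{host:8}{build}", "INTERNET-EXPOSED" if exposed else "")
```

A version string without a build component, such as "12.3.1", is reported as "review" because it cannot be confirmed as build 12.3.1.1139.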