Summary: Veeam has issued security updates to fix a critical vulnerability in its Backup & Replication software that allows remote code execution by authenticated domain users. The weakness, identified as CVE-2025-23120, has a CVSS score of 9.9 and affects versions up to 12.3.0.310, necessitating an upgrade to version 12.3.1 to mitigate risks.
Affected: Veeam Backup & Replication Software
Key points:
- The vulnerability allows remote code execution (RCE) due to improper deserialization handling.
- Authenticated domain users can exploit this flaw, highlighting the urgency for users to patch their systems.
- The patch adds the vulnerable deserialization gadgets to a blocklist, which leaves a potential risk from gadgets discovered in the future.
Source: https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html