Summary: Veeam has released patches for a critical vulnerability, CVE-2025-23120, in its Backup & Replication software that could allow remote code execution by authenticated domain users. The issue stems from inadequate deserialization procedures within the product, making it susceptible to exploitation. Users are advised to upgrade to the latest version 12.3.1 to mitigate risks associated with this flaw.
Affected: Veeam Backup & Replication
Keypoints:
- CVE-2025-23120 has a CVSS score of 9.9 and allows remote code execution.
- Version 12.3.0.310 and previous builds are affected; users should update to version 12.3.1.
- The vulnerability is linked to broader issues in Veeam's deserialization mechanism.
- Exploitation requires authentication, but that requirement is considered weak.
- Previous vulnerabilities related to deserialization in Veeam have been reported, raising further concerns.
Source: https://www.securityweek.com/veeam-patches-critical-vulnerability-in-backup-replication/