Summary: Veeam has released a patch for a critical remote code execution vulnerability (CVE-2025-23120) affecting its Backup & Replication software, particularly in domain-joined installations. The flaw enables attackers to execute harmful code through a deserialization vulnerability in specific .NET classes. Organizations are urged to upgrade to the latest version to mitigate potential exploitation risks.
Affected: Veeam Backup & Replication software
Keypoints:
- The vulnerability affects Veeam Backup & Replication version 12.3.0.310 and earlier builds.
- The flaw is exploitable by any domain user, which makes Veeam installations highly vulnerable in domain environments.
- Organizations are advised to upgrade to version 12.3.1 and review Veeam's best practices to enhance security.