Veeam released a security advisory addressing three vulnerabilities that affect domain-joined Backup & Replication servers. Tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287, the vulnerabilities may lead to code execution upon successful exploitation.
Veeam Backup & Replication is one of the industry-leading backup, recovery, and data security solutions for all workloads, both on-premises and in the cloud. It provides secure, robust, and reliable data protection. As a software-defined, hardware-independent solution, it can eliminate downtime with instant recovery, protect against cyber threats with native immutability, and restore from validated backups.
CVE-2025-23121
Security researchers at watchTowr and CodeWhite discovered the vulnerability. It has a critical severity rating, with a CVSS score of 9.9. The vulnerability may allow an authenticated domain user to execute remote code on the vulnerable Backup Server.
CVE-2025-24286
Nikolai Skliarenko with Trend Micro discovered the vulnerability. It has a high severity rating, with a CVSS score of 7.2. The vulnerability may allow an authenticated user with the Backup Operator role to modify backup jobs, which can lead to arbitrary code execution.
CVE-2025-24287
CrisprXiang, working with Trend Micro Zero Day Initiative, discovered the vulnerability. It has a medium severity rating and a CVSS score of 6.1. The vulnerability may allow local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
Affected Versions
The vulnerabilities affect Veeam Backup & Replication 12.3.1.1139 and all earlier version 12 builds.
Mitigation
Users must upgrade to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617) to patch the vulnerabilities.
Please refer to the Veeam Security Advisory (KB4743) for more information.
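As an added example, not code from Veeam, Qualys, or the advisory, the following Python script triages an inventory of Backup & Replication build numbers against the two cut-offs stated above (12.3.1.1139 as the last affected version 12 build, 12.3.2.3617 as the fixed build). Host names and the non-cut-off build strings are constructed sample data. The advisory says nothing about builds between the two cut-offs or about other major versions, so the script reports those as "review" rather than "fixed"; that conservative handling is an assumption of this example.

```python
"""Triage Veeam Backup & Replication builds against the KB4743 fixed build.

Added example; not Veeam's, Qualys's, or the advisory's own code.
Only the two cut-off builds come from the advisory; everything else
(host names, other build strings, the 'review' category) is constructed.
"""
from typing import List, Tuple

# Builds stated in the advisory (KB4743).
LAST_AFFECTED_BUILD = (12, 3, 1, 1139)   # 12.3.1.1139 and all earlier v12 builds
FIXED_BUILD = (12, 3, 2, 3617)           # 12.3.2.3617 contains the fix


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn '12.3.2.3617' into (12, 3, 2, 3617); shorter strings are zero-padded."""
    parts = build.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted build string: {build!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def assess(build: str) -> str:
    """Classify a build as 'affected', 'fixed', or 'review'.

    'affected': version 12 build <= 12.3.1.1139 (the advisory's stated range).
    'fixed':    version 12 build >= 12.3.2.3617.
    'review':   a v12 build between the two cut-offs, or a major version the
                advisory does not mention. Flagging these for review instead
                of reporting them clean is an assumption of this example.
    """
    v = parse_build(build)
    if v[0] != 12:
        return "review"
    if v <= LAST_AFFECTED_BUILD:
        return "affected"
    if v >= FIXED_BUILD:
        return "fixed"
    return "review"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, build, status) rows for (host, build) pairs, worst first."""
    order = {"affected": 0, "review": 1, "fixed": 2}
    rows = [(host, build, assess(build)) for host, build in inventory]
    return sorted(rows, key=lambda r: order[r[2]])


if __name__ == "__main__":
    # Constructed sample inventory: host names and the builds other than the
    # two advisory cut-offs are made up for illustration.
    sample = [
        ("vbr-prod-01", "12.3.1.1139"),   # last affected build named in the advisory
        ("vbr-prod-02", "12.3.2.3617"),   # fixed build named in the advisory
        ("vbr-dr-01", "12.1.0.500"),      # constructed earlier v12 build
        ("vbr-lab-01", "11.0.0.10"),      # constructed v11 build: not covered by the advisory
    ]
    for host, build, status in triage(sample):
        print(f"{host:12} {build:14} {status}")
```

Feed `triage()` a list of (host, build) pairs exported from whatever asset inventory records the installed Backup & Replication version; anything reported as "affected" needs the 12.3.2 upgrade, and "review" rows need a manual check against the advisory.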
Qualys Detection
Qualys customers can scan their devices with QID 383390 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.veeam.com/kb4743