A critical vulnerability in Veeam Backup & Replication systems that allows authenticated domain users to execute remote code, potentially compromising enterprise backup infrastructures.
The vulnerability, identified as CVE-2025-23120, carries a severe CVSS score of 9.9, indicating its high potential for exploitation and organizational impact.
This significant vulnerability in Veeam Backup & Replication systems allows authenticated domain users to perform remote code execution (RCE), giving attackers potential control over affected systems.
.png
)
Veeam Backup & Replication Vulnerability
Veeam Backup & Replication, with its large deployment footprint across enterprise environments, represents a significant target for cybercriminals, particularly ransomware operators seeking to disable recovery options before launching attacks.
Security researcher Piotr Bazydlo of watchTowr discovered this critical flaw, which affects Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.
Veeam’s advisory says, “This vulnerability only impacts domain-joined backup servers, which is against the Security & Compliance Best Practices.”
Despite this configuration being discouraged, security experts believe it remains common in many enterprise environments.
| Risk Factors | Details |
| Affected Products | Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds |
| Impact | Remote Code Execution (RCE) |
| Exploit Prerequisites | Requires authenticated domain user access |
| CVSS 3.1 Score | 9.9 (Critical) |
While no public proof-of-concept exploit has been released at the time of publication, the high CVSS score underscores the severity of the potential impact.
Security researchers emphasize that Veeam Backup & Replication should never be exposed to the internet as it functions more effectively as an internal attack vector rather than an external one.
More than 20% of incident response cases 2024 involved Veeam being accessed or exploited after attackers established an initial foothold in target environments.
This statistic highlights why backup systems are prime targets for malicious actors looking to cripple an organization’s ability to recover from attacks.
Mitigations
Veeam has released a security update to address the vulnerability. Organizations using affected versions should immediately upgrade to Veeam Backup & Replication 12.3.1 (build 12.3.1.1139).
Security professionals strongly advise against waiting for regular patch cycles and recommend implementing this critical security update immediately.
The patch can be downloaded from Veeam’s official channels, with verification available through the following hash checksums:
- MD5: 70E802E77F3FC109E85F8FA859F31950
- SHA1: 308E6AE02474208A08418734598CFBA0E7AF82D0
This alert follows other recent CISA warnings about critical vulnerabilities in enterprise software, including flaws in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited.
The frequency of these high-severity vulnerabilities in backup solutions underscores the importance of maintaining rigorous patch management protocols.
Organizations should verify their patch status immediately and implement appropriate security controls to mitigate exploitation risks.
As backup systems represent the last line of defense against data loss and ransomware attacks, prioritizing their security is essential for maintaining business continuity and data integrity.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
