A critical vulnerability, CVE-2025-23114, has been reported in the Veeam Updater. It could be used to carry out man-in-the-middle attacks and affects various products from the vendor. Veeam has published security updates to close the vulnerability.
Critical vulnerability CVE-2025-23114
I became aware of the vulnerability in question, CVE-2025-23114, which has been classified as critical with a CVSS score of 9.0, via the following tweets.
Veeam has published this security advisory (KB4712) with vulnerability information as of February 4, 2025. Veeam has confirmed a Man in the Middle vulnerability in its Veeam Updater that affects the following products:
- Veeam Backup for Salesforce 3.1 and older
- Veeam Backup for Nutanix AHV 5.0 or 5.1
- Veeam Backup for AWS 6a or 7
- Veeam Backup for Microsoft Azure 5a or 6
- Veeam Backup for Google Cloud 4 or 5
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization 3, 4.0 or 4.1
Affected versions should be updated as soon as possible. The following steps can be used to check whether you are affected:
- Go to the Configuration page on your appliance (top right)
- Select Support Information → Updates
- Click Check and View Updates
- Go to the History tab
The update can be carried out via the Auto-Updater. The risk of being attacked during the auto-update process should be low.