Veeam Backup & Replication RCE vulnerability CVE-2025-23120

Warning for users of Veeam Backup & Replication: on March 19, 2025, vendor Veeam informed its customers about a remote code execution (RCE) vulnerability, CVE-2025-23120, in various versions of the product. It can be abused in domain-joined environments. A security update is available to close this vulnerability.



German blog readers Jonathan and Dennis pointed out the RCE vulnerability CVE-2025-23120 in Veeam products to me a few hours ago (thanks for that). In addition, several readers pointed this out in this German comment.

RCE vulnerability CVE-2025-23120

Veeam published the knowledge base article kb4724 on the vulnerability CVE-2025-23120 on March 19, 2025. The vulnerability allows remote code execution (RCE) by authenticated domain users.

The vulnerability has been rated with a CVSS v3.1 score of 9.9. Veeam points out that this vulnerability only affects domain-joined backup servers. However, running the software in such an environment violates security and compliance best practices.

Veeam Backup & Replication 12.3.0.310 and all older builds of version 12 (i.e. 12.0, 12.1, 12.2, 12.3) are affected. The vulnerability has been fixed with Veeam Backup & Replication 12.3.1 (Build 12.3.1.1139).


