[German]On October 14, 2025, Veeam released patch 12.3.2.4165 for its Veeam Backup & Replication product. According to the manufacturer, this patch is intended to eliminate several vulnerabilities. However, a reader informed me that he was unable to install this patch from the ISO file.
Maximilian from Germany informed me in a private message about a security patch 12.3.2.4165 for its product Veeam Backup & Replication.
Veeam has documented the whole issue in support article kb4771. Veeam Backup & Replication 12, 12.1, 12.2, 12.3, 12.3.1, and 12.3.2 are affected by the vulnerabilities. The patch closes the following vulnerabilities:
- CVE-2025-48983: A vulnerability (CVSS v3.1 score: 9.9, critical) in the mount service of Veeam Backup & Replication up to build 12.3.2.3617 (and below). Allows an authenticated domain user to execute remote code on the hosts of the backup infrastructure (RCE). This vulnerability only affects Veeam Backup & Replication v12 backup infrastructure servers that belong to a domain.
- CVE-2025-48984: A vulnerability (CVSS v3.1 score: 9.9, critical) that allows remote code execution (RCE) on the backup server by an authenticated domain user. This vulnerability only affects Veeam Backup & Replication v12 backup servers that belong to a domain. The affected product is Veeam Backup & Replication 12.3.2.3617 and all earlier versions 12.
- CVE-2025-48982: This vulnerability (CVSS v3.1 score: 7.3, high) in Veeam Agent for Microsoft Windows allows local privilege escalation if a system administrator is tricked into restoring a malicious file. The affected product is Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier versions 6. Unsupported product versions have not been tested but are likely to be affected as well and should be considered vulnerable.
CVE-2025-48982 has been fixed in Veeam Agent for Microsoft Windows 6.3.2.1302 and later. The other vulnerabilities have been fixed in Veeam Backup & Replication 12.3.2.4165 Patch.
Patch can't be installed from ISO
Blog reader Maximilian wrote to me: "The update with the ISO doesn't work. Apparently there's something wrong with the ISO – maybe others have the same problem. I'll have to open a Veeam call." Other readers confirmed, that they also have issues. They installed the patch as an .exe file.
