{"id":37448,"date":"2025-03-19T23:45:31","date_gmt":"2025-03-19T22:45:31","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=37448"},"modified":"2025-03-19T23:45:31","modified_gmt":"2025-03-19T22:45:31","slug":"veeam-backup-replication-rce-vulnerability-cve-2025-23120","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/03\/19\/veeam-backup-replication-rce-vulnerability-cve-2025-23120\/","title":{"rendered":"Veeam Backup & Replication RCE vulnerability CVE-2025-23120"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Warning for users of Veeam Backup & Replication. Vendor Veeam has informed it's customers on March 19, 2025 about a Remote Code Execution (RCE) vulnerability CVE-2025-23120 in various versions of the mentioned product. It can be abused in domain joined environments. A security update is available to close this vulnerability.<\/p>\n

<\/p>\n

Germang blog readers Jonathan and Dennis pointed out the RCE vulnerability CVE-2025-23120 in Veeam products to me a few hours ago (thanks for that). In addition, several readers pointed this out in this German comment<\/a>.<\/p>\n

RCE vulnerability CVE-2025-23120<\/h2>\n

Veeam has published the knowledge base article kb4724<\/a> on the vulnerability CVE-2025-23120 on March 19, 2025. This is a vulnerability that allows remote code execution (RCE) by authenticated domain users.<\/p>\n

The vulnerability has been rated with a CVSS v3.1 index of 9.9. Veeam points out that this vulnerability only affects domain-joined backup servers. However, the use of the software in this environment violates security and compliance best practices.<\/p>\n

Veeam Backup & Replication 12.3.0.310 and all older builds of version 12 (i.e. 12.0, 12.1, 12.2, 12.3) are affected. The vulnerability has been fixed with Veeam Backup & Replication 12.3.1 (Build 12.3.1.1139)<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Warning for users of Veeam Backup & Replication. Vendor Veeam has informed it's customers on March 19, 2025 about a Remote Code Execution (RCE) vulnerability CVE-2025-23120 in various versions of the mentioned product. It can be abused in domain joined … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[571,69,1544,195,2835],"class_list":["post-37448","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-backup","tag-security","tag-software","tag-update","tag-veeam"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=37448"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37448\/revisions"}],"predecessor-version":[{"id":37449,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/37448\/revisions\/37449"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=37448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=37448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=37448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}