Tuesday, June 17, 2025

New Veeam RCE flaw lets domain users hack backup servers

Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.

Tracked as CVE-2025-23121, this security flaw was reported by security researchers at watchTowr and CodeWhite, and it only impacts domain-joined installations.

As Veeam explained in a Tuesday security advisory, the vulnerability can be exploited by authenticated domain users in low-complexity attacks to gain code execution remotely on the Backup Server. This flaw affects Veeam Backup & Replication 12 or later, and it was fixed in version 12.3.2.3617, which was released earlier today.

While CVE-2025-23121 only impacts VBR installations joined to a domain, any domain user can exploit it, making it easy to abuse in those configurations.

Unfortunately, many companies have joined their backup servers to a Windows domain, ignoring Veeam’s best practices, which advise admins to use a separate Active Directory Forest and protect the administrative accounts with two-factor authentication.

In March, Veeam patched another RCE vulnerability (CVE-2025-23120) in Veeam’s Backup & Replication software that impacts domain-joined installations.

Ransomware gangs also told BleepingComputer years ago that they always target VBR servers because they simplify stealing victims’ data and block restoration efforts by deleting backups before deploying the ransomware payloads on the victims’ networks.

As Sophos X-Ops incident responders revealed in November, another VBR RCE flaw (CVE-2024-40711) disclosed in September is now being exploited to deploy Frag ransomware.

The same vulnerability was also used to gain remote code execution on vulnerable Veeam backup servers in Akira and Fog ransomware attacks starting in October.

In the past, the Cuba ransomware gang and FIN7, a financially motivated threat group known to collaborate with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware gangs, were also observed exploiting VBR vulnerabilities.

Veeam’s products are used by over 550,000 customers worldwide, including 82% of Fortune 500 companies and 74% of Global 2,000 companies.
