Veeam has released critical patches for its Backup & Replication software to address a significant security vulnerability identified as CVE-2025-23121. This flaw has been assigned a high CVSS score of 9.9, indicating that it could enable remote code execution (RCE) if exploited.
The vulnerability specifically allows authenticated domain users to execute code on the Backup Server, posing a substantial risk if left unaddressed. Veeam’s official advisory confirmed that all previous versions before 12.3.2, particularly 12.3.1.1139, are affected by this flaw. Users are encouraged to update to version 12.3.2 (build 12.3.2.3617) to secure their systems.
In addition, Veeam also addressed another significant vulnerability, identified as CVE-2025-24286, which carries a CVSS score of 7.2. This flaw allows authenticated users with the Backup Operator role to modify backup jobs, leading to potential arbitrary code execution. Furthermore, a vulnerability affecting Veeam Agent for Microsoft Windows (CVE-2025-24287), rated 6.1 in CVSS, permits local system users to alter directory contents, which could also lead to elevated privileges and code execution.
Rapid7, a cybersecurity firm, highlighted the importance of this update in light of their findings that over 20% of their incident response cases in 2024 involved exploiting Veeam software after an attacker had already breached the environment. This trend emphasizes the necessity for Veeam users to promptly implement the latest updates to mitigate potential risks, especially as these vulnerabilities have become prime targets for cyber attackers in recent years.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.