
A critical vulnerability (CVE-2025-23114, CVSS 9.0) has been discovered in the Veeam Updater component, a core part of many Veeam backup and replication products. This vulnerability allows attackers to perform a Man-in-the-Middle (MitM) attack, potentially gaining root-level permissions on affected appliance servers.
The vulnerability affects a range of Veeam products, including:
- Veeam Backup for Salesforce: Versions 3.1 and older
- Veeam Backup for Nutanix AHV: Versions 5.0 and 5.1
- Veeam Backup for AWS: Versions 6a and 7
- Veeam Backup for Microsoft Azure: Versions 5a and 6
- Veeam Backup for Google Cloud: Versions 4 and 5
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: Versions 3, 4.0, and 4.1
The flaw resides within the Veeam Updater, a component responsible for managing updates across multiple Veeam backup products. Exploiting CVE-2025-23114 could allow an attacker positioned between the vulnerable Veeam appliance and its update server to intercept and tamper with update requests, injecting malicious code into the system. Given that this grants root access, attackers could achieve complete system compromise, leading to potential data theft, ransomware deployment, or persistent access within an organization’s infrastructure.
Veeam has addressed this vulnerability in updated versions of the Veeam Updater component. The following table outlines the specific versions that resolve the vulnerability for each affected product:
| Product | Updater Version |
|---|---|
| Veeam Backup for Salesforce | 7.9.0.1124 |
| Veeam Backup for Nutanix AHV | 9.0.0.1125 |
| Veeam Backup for AWS | 9.0.0.1126 |
| Veeam Backup for Microsoft Azure | 9.0.0.1128 |
| Veeam Backup for Google Cloud | 9.0.0.1128 |
| Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | 9.0.0.1127 |
Users of affected Veeam products are strongly urged to update their systems immediately. This can be done by using the built-in Veeam Updater to update the Veeam Updater component itself. Users can check their current Updater version by viewing the update history within the product.
It’s important to note that if you are running Veeam Backup & Replication 12.3 and have already updated your appliances, you are likely not affected by this vulnerability. However, it’s always best to confirm your Updater version to be certain.
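A small triage helper for comparing the Updater version shown in a product's update history against the fixed builds in the table above. This is an added example, not Veeam's code; the product keys, the sample inventory and the dotted-number version format are assumptions made here, and the only facts it carries are the fixed version numbers from the advisory.

```python
"""Check whether an installed Veeam Updater build is at or above the fixed
build for its product (added example; product keys are labels chosen here)."""
from typing import Optional, Tuple

# Fixed Veeam Updater versions per product, as listed in the advisory table.
FIXED_UPDATER_VERSION = {
    "salesforce": "7.9.0.1124",
    "nutanix-ahv": "9.0.0.1125",
    "aws": "9.0.0.1126",
    "azure": "9.0.0.1128",
    "google-cloud": "9.0.0.1128",
    "olvm-rhv": "9.0.0.1127",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted build number into integers so that 9.0.0.1128 compares
    numerically (10.x > 9.x) instead of as a string. Rejects non-numeric input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, installed: str) -> Optional[bool]:
    """True if installed >= fixed build, False if older, None when the product
    is not in the advisory table (no verdict possible, flag for manual review)."""
    fixed = FIXED_UPDATER_VERSION.get(product)
    if fixed is None:
        return None
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))  # pad the shorter tuple so 9.0 == 9.0.0.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


if __name__ == "__main__":
    # Constructed sample inventory: (host, product key, version seen in update history)
    inventory = [
        ("bkp-aws-01", "aws", "9.0.0.1126"),
        ("bkp-azure-01", "azure", "9.0.0.1100"),
        ("bkp-sf-01", "salesforce", "7.8.1.900"),
        ("bkp-other-01", "unknown-product", "1.0.0.1"),  # placeholder key
    ]
    labels = {True: "patched", False: "VULNERABLE - update now", None: "not in advisory"}
    for host, product, version in inventory:
        print(f"{host:14} {product:16} {version:12} {labels[is_patched(product, version)]}")
```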