CVE-2025-23120 (CVSS 9.9): Critical RCE Vulnerability Discovered in Veeam Backup & Replication

A critical-severity vulnerability (CVE-2025-23120) has been uncovered in Veeam Backup & Replication. With a CVSS score of 9.9, this flaw allows remote code execution (RCE) by authenticated domain users, posing a significant threat to enterprise environments reliant on Veeam’s widely deployed backup solution.

The vulnerability impacts Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds. Veeam has addressed this flaw in Veeam Backup & Replication 12.3.1 (build 12.3.1.1139), and organizations are strongly urged to apply the patch immediately.

Security researcher Piotr Bazydlo of watchTowr is credited with discovering the flaw. While no public proof-of-concept (PoC) exploit has been released at the time of this publication, the large deployment footprint of Veeam Backup & Replication makes it an attractive target for attackers.

Backup and disaster recovery solutions are a prime target for cybercriminals, particularly ransomware groups, as they offer a direct path to disrupting organizational data integrity. In the past, Veeam vulnerabilities have been actively exploited, making CVE-2025-23120 a serious concern for IT and security teams.

Moreover, Veeam Backup & Replication should never be exposed to the internet, as it serves as a more effective internal attack vector rather than an external one. Attackers with initial access to a compromised domain account could exploit this flaw to escalate privileges and execute arbitrary code, potentially gaining full control over the backup infrastructure.

Organizations using affected versions are strongly advised to upgrade to the patched version immediately.

Rate this post

Leave a Reply Cancel reply

Website

Related Posts:

Leave a Reply Cancel reply