Veeam Releases Security Updates for Backup & Replication and Windows Agent
Security bulletin addresses critical severity vulnerabilities that could allow for remote code execution and privilege escalation
Affected platforms
The following platforms are known to be affected:
Threat details
Unsupported versions should be considered vulnerable
Veeam states "Unsupported product versions are not tested, but are likely affected and should be considered vulnerable."
Introduction
Veeam has released a security bulletin to address three vulnerabilities in Backup & Replication and Veeam Agent for Microsoft Windows. Veeam Backup & Replication is a proprietary backup application for virtual environments built on various hypervisors.
Backup and recovery solutions often targeted by attackers
Enterprise backup and disaster recovery applications are valuable targets for cyber threat groups. Vulnerabilities in backup and disaster recovery applications are often exploited in the wild by ransomware groups shortly after official disclosure, to increase the difficulty of recovery after an attack.
Vulnerability details
- CVE-2025-23121 is a critical vulnerability in Veeam Backup & Replication with a CVSSv3 score of 9.9. Successful exploitation could allow an authenticated domain user to execute code remotely. Note: CVE-2025-23121 only impacts domain-joined backup servers, a configuration that Veeam's Security & Compliance Best Practices advise against.
- CVE-2025-24286 is a high severity vulnerability in Backup & Replication with a CVSSv3 score of 7.2. Successful exploitation could allow an authenticated user with the "Backup Operator" role to modify backup jobs, which could lead to arbitrary code execution.
- CVE-2025-24287 is a medium severity vulnerability in Veeam Agent for Microsoft Windows with a CVSSv3 score of 6.1. Successful exploitation could allow a local user to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
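The following triage script is an added example, not part of the bulletin or of Veeam's own tooling; it checks a backup server against the preconditions named above (domain membership for CVE-2025-23121, the installed Backup Service build to compare with KB4743, and holders of the Backup Operator role for CVE-2025-24286). It assumes the Windows service name VeeamBackupSvc, the Veeam.Backup.PowerShell module with Get-VBRUserRoleAssignment, and that role names contain "Backup Operator".

```powershell
# Added triage example (not from the bulletin). Run on the Veeam Backup & Replication
# server in an elevated PowerShell session. Service name, module name and role
# property names are assumptions stated in the lead-in.
function Get-VeeamAdvisoryTriage {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. CVE-2025-23121 only affects domain-joined backup servers.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $findings.Add("Backup server is domain-joined ($($cs.Domain)): in scope for CVE-2025-23121 and contrary to Veeam's Security & Compliance Best Practices.")
    } else {
        $findings.Add("Backup server is not domain-joined: CVE-2025-23121 precondition not met.")
    }

    # 2. Installed build of the Veeam Backup Service, to compare with the fixed build in KB4743.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='VeeamBackupSvc'"
    if ($null -eq $svc) {
        $findings.Add("VeeamBackupSvc not found: this host does not appear to run Backup & Replication.")
    } else {
        # PathName is normally quoted and may carry arguments; keep only the executable path.
        $exe = $svc.PathName -replace '^"?(.*?\.exe)"?.*$', '$1'
        $ver = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        $findings.Add("Veeam Backup Service build $ver at $exe: compare with the fixed build listed in KB4743.")
    }

    # 3. CVE-2025-24286 is reachable by accounts holding the Backup Operator role:
    #    list them so the assignments can be reviewed and trimmed.
    if (Get-Module -ListAvailable -Name Veeam.Backup.PowerShell) {
        Import-Module Veeam.Backup.PowerShell -ErrorAction Stop
        $ops = Get-VBRUserRoleAssignment | Where-Object { "$($_.Role)" -like '*Backup Operator*' }
        if (-not $ops) {
            $findings.Add("No Backup Operator role assignments found.")
        }
        foreach ($o in $ops) {
            $findings.Add("Backup Operator role held by $($o.Name) ($($o.Type)): review for CVE-2025-24286.")
        }
    } else {
        $findings.Add("Veeam.Backup.PowerShell module not available: role review skipped.")
    }

    return $findings
}

Get-VeeamAdvisoryTriage
```

The output is a list of plain findings; treat the build string as input to a manual comparison against the bulletin, since the fixed build numbers are not reproduced here.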
Remediation advice
Affected organisations are strongly encouraged to review Veeam Security Bulletin kb4743 and apply the latest update.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 18 June 2025 11:44 am