Infoseccers flame Veeam over RCE bug, failing blacklist
Briefly

Veeam recently patched a critical remote code execution vulnerability in its Backup and Replication software, rated with a severity score of 9.9. Although exploitation requires authentication as a domain user, researchers argue that this requirement is a weak barrier, since many organizations lack proper Active Directory security. Veeam's attempt to shift blame onto users for failing to adhere to best practices has been questioned, given that the software is an attractive target for ransomware groups. Experts advocate a whitelist (allowlist) strategy over Veeam's blocklist approach as a more robust mitigation for deserialization vulnerabilities.
Veeam's handling of an RCE vulnerability in Backup and Replication has drawn criticism for weak authentication requirements and ineffective mitigation strategies.
The severity of CVE-2025-23120 indicates significant risk, as any domain user can exploit the vulnerability, undermining Veeam's claims of user responsibility.
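To illustrate the allowlist-versus-blocklist point from the article, here is an added example (not code from the article, Veeam, or the researchers) using Python's pickle as a stand-in for the .NET deserialization in question: the loader resolves only the types named in a constructed allowlist and refuses everything else by default, so a newly discovered gadget type is rejected without anyone having to add it to a blocklist first.

```python
import collections
import datetime
import io
import pickle

# Constructed allowlist: the only (module, name) globals the loader may resolve.
# Unlike a blocklist, anything not listed here is refused by default.
ALLOWED_GLOBALS = {
    "datetime": {"datetime", "timedelta"},
    "builtins": {"set", "frozenset"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves globals only from ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if name in ALLOWED_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        # Refuse unknown types instead of letting the payload choose a class.
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def restricted_loads(data: bytes):
    """Deserialize bytes with the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (ok, value_or_message) so a caller can log refused payloads."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample records (hypothetical backup-job metadata).
GOOD = pickle.dumps({
    "job": "nightly",
    "when": datetime.datetime(2025, 3, 20, 2, 0),
    "tags": {"full"},
})
# A perfectly benign type that is simply not on the allowlist: refused anyway.
BAD = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    print(try_load(GOOD))  # (True, {...})
    print(try_load(BAD))   # (False, 'refusing to load global collections.OrderedDict')
```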
Read at The Register