Veeam fixes another critical RCE bug in Backup & Replication
Briefly

Veeam Backup & Replication users are strongly advised to update to the latest patches addressing CVE-2025-23121, a severe vulnerability that allows remote code execution on domain-joined backup servers. It follows a similar vulnerability, CVE-2025-23120, disclosed previously; both score 9.9 on the CVSS scale. Security researchers suggest both issues stem from the same underlying flaws related to Microsoft's deprecated BinaryFormatter. Veeam has developed mitigation strategies but continues to face challenges, because the nature of the vulnerabilities makes it difficult to ensure complete security.
The recent vulnerability in Veeam Backup & Replication, CVE-2025-23121, highlights the urgent need for users to apply patches to prevent possible remote code execution.
Veeam's continued use of BinaryFormatter for deserialization poses a security risk, necessitating workarounds that may never fully eliminate vulnerabilities.
Read at The Register