Veeam has reported a significant Remote Code Execution (RCE) vulnerability (CVE-2025-23120) that jeopardizes backup servers, particularly those joined to a domain. This deserialization vulnerability potentially allows unauthorized users to execute malicious code if they can authenticate with the Veeam Backup & Replication servers. watchTowr Labs has identified a new exploitation method and warns that the patch must be applied urgently, as the vulnerability affects version 12.3.0.310 and prior builds. Users are advised to upgrade to version 12.3.1 immediately to mitigate risks.
A critical vulnerability in Veeam Backup & Replication allows hackers to exploit backup servers through a deserialization flaw, risking data integrity.
Researchers found that the RCE vulnerability, CVE-2025-23120, affects all previous versions of Veeam Backup & Replication and could be exploited easily.
Veeam has released a patch for the vulnerability, which end users are urged to apply to prevent potential exploits and data breaches.