
New Veeam RCE flaw lets domain users hack backup servers


Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability.

Tracked as CVE-2025-23121, this security flaw was reported by security researchers at watchTowr and CodeWhite, and it only impacts domain-joined installations.

As Veeam explained in a Tuesday security advisory, the vulnerability can be exploited by authenticated domain users in low-complexity attacks to gain code execution remotely on the Backup Server. This flaw affects Veeam Backup & Replication 12 or later, and it was fixed in version 12.3.2.3617, which was released earlier today.

While CVE-2025-23121 only impacts VBR installations joined to a domain, any domain user can exploit it, making it easy to abuse in those configurations.

Unfortunately, many companies have joined their backup servers to a Windows domain, ignoring Veeam's best practices, which advise admins to use a separate Active Directory Forest and protect the administrative accounts with two-factor authentication.

In March, Veeam patched another RCE vulnerability (CVE-2025-23120) in Veeam's Backup & Replication software that impacts domain-joined installations.

Ransomware gangs also told BleepingComputer years ago that they always target VBR servers because they simplify stealing victims' data and block restoration efforts by deleting backups before deploying the ransomware payloads on the victims' networks.

As Sophos X-Ops incident responders revealed in November, another VBR RCE flaw (CVE-2024-40711) disclosed in September is now being exploited to deploy Frag ransomware.

The same vulnerability was also used to gain remote code execution on vulnerable Veeam backup servers in Akira and Fog ransomware attacks starting in October.

In the past, the Cuba ransomware gang and FIN7, a financially motivated threat group known to collaborate with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware gangs, were also observed exploiting VBR vulnerabilities.

Veeam's products are used by over 550,000 customers worldwide, including 82% of Fortune 500 companies and 74% of Global 2,000 firms.

