Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products

Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products

Posted on By CWS

Veeam and BeyondTrust on Tuesday introduced patches for a number of vulnerabilities that might be exploited to execute arbitrary code.

BeyondTrust launched fixes for a high-severity safety defect in its Distant Help (RS) and Privileged Distant Entry (PRA) merchandise, warning that it may possibly result in distant code execution (RCE) by template injection.

Tracked as CVE-2025-5309 (CVSS rating of 8.6), the flaw is described as a server-side template injection difficulty within the chat characteristic of RS and PRA.

The bug exists as a result of enter supposed for the template engine will not be correctly escaped, and permits attackers to execute code within the context of the server. Attackers can exploit the vulnerability towards RS deployments with out authentication.

In keeping with BeyondTrust, the flaw impacts RS and PRA variations 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1. Patches had been rolled out for all affected cloud iterations and can be found for obtain for on-premises deployments.

Veeam on Tuesday introduced the discharge of Veeam Backup & Replication 12.3.2 with fixes for 2 safety defects that would result in code execution.

The primary, tracked as CVE-2025-23121 (CVSS rating of 9.9), is a essential bug that permits a distant, authenticated area person to execute arbitrary code on the Backup Server.

The second, tracked as CVE-2025-24286, is a high-severity difficulty that permits an attacker authenticated as a Backup Operator to tamper with backup jobs, which might result in code execution.Commercial. Scroll to proceed studying.

Moreover, Veeam resolved a medium-severity vulnerability in Veeam Agent for Microsoft Home windows that would permit native customers with System privileges to switch listing contents and execute arbitrary code.

Neither BeyondTrust nor Veeam point out any of those safety defects being exploited within the wild. Nevertheless, risk actors have been noticed exploiting flaws of their merchandise and customers are suggested to replace their installations as quickly as attainable.

Associated: Organizations Warned of Vulnerability Exploited In opposition to Discontinued TP-Hyperlink Routers

Associated: Asus Armoury Crate Vulnerability Results in Full System Compromise

Associated: Cisco Patches Excessive-Severity DoS, Privilege Escalation Vulnerabilities

Associated: GitLab, Atlassian Patch Excessive-Severity Vulnerabilities

Security Week News Tags:, , , , , ,

Related Posts

In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks Security Week News
Mesh Security Raises Million for CSMA Platform Mesh Security Raises $12 Million for CSMA Platform Security Week News
US Sanctions Myanmar Militia Involved in Cyber Scams  US Sanctions Myanmar Militia Involved in Cyber Scams  Security Week News
Police in Brazil Arrest a Suspect Over 0M Banking Hack Police in Brazil Arrest a Suspect Over $100M Banking Hack Security Week News
MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS Security Week News
DOJ Antitrust Review Clears Google’s Billion Acquisition of Wiz DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz Security Week News