Veeam Software has disclosed three severe security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which allow remote code execution and privilege escalation, potentially compromising enterprise backup infrastructures.
These vulnerabilities, patched in recent updates, primarily affect domain-joined systems running version 12 of the software. Organizations are urged to apply the fixes immediately to prevent potential data breaches or ransomware exploitation.
CVE ID | Description | Severity | CVSS v3.1 Score | Affected Versions | Patched Version
CVE-2025-48983 | Remote code execution in the Mount service of Veeam Backup & Replication by an authenticated domain user | Critical | 9.9 | Veeam Backup & Replication 12.3.2.3617 and all earlier version 12 builds | 12.3.2.4165 patch
CVE-2025-48984 | Remote code execution on the Backup Server by an authenticated domain user | Critical | 9.9 | Veeam Backup & Replication 12.3.2.3617 and all earlier version 12 builds | 12.3.2.4165 patch
CVE-2025-48982 | Local privilege escalation in Veeam Agent for Microsoft Windows if an administrator is tricked into restoring a malicious file | High | 7.3 | Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier version 6 builds | 6.3.2.1302
Mount Service RCE Threatens Backup Hosts
The first critical issue, CVE-2025-48983, resides in the Mount service of Veeam Backup & Replication, allowing an authenticated domain user to execute arbitrary code on backup infrastructure hosts.
With a CVSS v3.1 score of 9.9, this flaw was reported by CODE WHITE and affects all version 12 builds up to 12.3.2.3617, including unsupported older releases, which are likely vulnerable as well.
Veeam notes that only domain-joined configurations are at risk, while the Veeam Software Appliance and the forthcoming version 13 remain architecturally unaffected.
The patch, build 12.3.2.4165, resolves the issue by hardening the service against unauthorized code injection. Administrators are advised to follow Veeam's best practices, favoring workgroup setups over domain integration for enhanced security.
Backup Server Exposed To Domain User Attacks
Equally severe is CVE-2025-48984, another RCE vulnerability targeting the Backup Server itself, exploitable by authenticated domain users and also carrying a perfect 9.9 CVSS score.
Discovered by Sina Kheirkhah and Piotr Bazydlo of watchTowr, it shares the same affected versions as CVE-2025-48983 and is limited to domain-joined Veeam Backup & Replication v12 environments.
Unsupported versions should be treated as vulnerable, even though they were not explicitly tested. The same patch, 12.3.2.4165, eliminates this risk, emphasizing the need for swift updates in hybrid or Active Directory-integrated setups.
This flaw underscores the dangers of over-privileged domain access in backup systems, which can enable lateral movement across networks.
Agent's Restore Flaw Enables Privilege Escalation
Complementing the RCE issues, CVE-2025-48982 affects Veeam Agent for Microsoft Windows, permitting local privilege escalation if an administrator restores a malicious file; it is rated high severity with a CVSS score of 7.3.
Reported anonymously via Trend Micro's Zero Day Initiative, it affects versions up to 6.3.2.1205, whether the agent is integrated with Backup & Replication or running standalone.
Exploitation requires tricking a user into performing a restore, but it could elevate the attacker's privileges significantly. Fixed in build 6.3.2.1302, this patch is essential for endpoint security in Windows environments.
Veeam recommends verifying all agent instances and isolating backups to mitigate social engineering risks. Organizations using affected versions should prioritize updates to safeguard against code execution threats.
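As an added example (not code from Veeam or from this article), the following PowerShell script helps with the verification step above: it reads the installed Veeam Backup & Replication and Veeam Agent for Microsoft Windows versions from the Windows Uninstall registry keys, compares them with the fixed builds quoted in this article, and reports whether the host is domain-joined, since the two RCE flaws only apply to domain-joined configurations. The product-name matching and the use of the Uninstall keys as the version source are assumptions; the build numbers are the ones stated above.

```powershell
# Added example, not part of the Veeam advisory: flag hosts still running Veeam
# builds below the fixed versions named in the article, and note domain membership.

# Fixed builds as stated in the article (assumption: DisplayName starts with these strings).
$fixedBuilds = @{
    'Veeam Backup & Replication'        = [version]'12.3.2.4165'  # CVE-2025-48983, CVE-2025-48984
    'Veeam Agent for Microsoft Windows' = [version]'6.3.2.1302'   # CVE-2025-48982
}

# Standard Windows uninstall registry locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion

# CVE-2025-48983 and CVE-2025-48984 only affect domain-joined backup hosts.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

foreach ($product in $fixedBuilds.Keys) {
    $entry = $installed | Where-Object { $_.DisplayName -like "$product*" } | Select-Object -First 1
    if (-not $entry) { continue }   # product not installed on this host

    # DisplayVersion is expected to be a dotted four-part build; skip entries that are not.
    $current = $null
    if (-not [version]::TryParse($entry.DisplayVersion, [ref]$current)) {
        Write-Warning "Cannot parse version '$($entry.DisplayVersion)' for $($entry.DisplayName)"
        continue
    }

    $required = $fixedBuilds[$product]
    $status = if ($current -ge $required) { 'patched' } else { 'VULNERABLE' }

    [pscustomobject]@{
        Product      = $entry.DisplayName
        Installed    = $current
        FixedBuild   = $required
        Status       = $status
        DomainJoined = $domainJoined
    }
}
```

Run it in an elevated PowerShell session on each backup server and agent host, or wrap it in Invoke-Command for fleet-wide inventory. One caveat worth keeping in mind: a cumulative patch may not always update the Uninstall DisplayVersion value, so treat a "patched" result as a first pass and confirm the build number in the Veeam console's Help > About dialog before closing the finding. A host marked VULNERABLE but not domain-joined is still exposed to CVE-2025-48982 if the Agent is installed, since that flaw does not depend on domain membership.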