Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Posted on June 18, 2025 by CWS

Jun 18, 2025 | Ravie Lakshmanan | Vulnerability / Data Security

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions.
The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.
“A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” the company said in an advisory.
CVE-2025-23121 impacts all earlier version 12 builds, including 12.3.1.1139. It has been addressed in version 12.3.2 (build 12.3.2.3617). Security researchers at CODE WHITE GmbH and watchTowr have been credited with discovering and reporting the vulnerability.

Cybersecurity company Rapid7 noted that the update likely addresses concerns shared by CODE WHITE in late March 2025 that the patch put in place to plug a similar hole (CVE-2025-23120, CVSS score: 9.9) could be bypassed.
Also addressed by Veeam is another flaw in the same product (CVE-2025-24286, CVSS score: 7.2) that allows an authenticated user with the Backup Operator role to modify backup jobs, which could result in arbitrary code execution.
The American company separately patched a vulnerability that affected Veeam Agent for Microsoft Windows (CVE-2025-24287, CVSS score: 6.1) that permits local system users to modify directory contents, leading to code execution with elevated permissions. The issue has been patched in version 6.3.2 (build 6.3.2.1205).
According to Rapid7, more than 20% of its incident response cases in 2024 involved either the access or exploitation of Veeam, once a threat actor has already established a foothold in the target environment.
With security flaws in Veeam backup software becoming a prime target for attackers in recent years, it's essential that customers update to the latest version of the software with immediate effect.
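To act on the fixed builds named above, the following added example (not code from the article or from Veeam) triages an exported inventory against them, comparing build numbers field by field rather than as strings. The status labels and the inventory layout are assumptions; builds from an older major line are marked "review" because the article gives no affected range for them.

```python
import re

# Fixed builds exactly as stated in the article above.
FIXED_BUILDS = {
    "Veeam Backup & Replication": (12, 3, 2, 3617),
    "Veeam Agent for Microsoft Windows": (6, 3, 2, 1205),
}

_BUILD_RE = re.compile(r"[0-9]+(?:\.[0-9]+){3}")


def parse_build(text):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError otherwise."""
    text = text.strip()
    if not _BUILD_RE.fullmatch(text):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(part) for part in text.split("."))


def triage(product, build):
    """Classify one installation against the fixed builds from the article."""
    fixed = FIXED_BUILDS.get(product)
    if fixed is None:
        return "not-covered"          # product not discussed in the article
    try:
        installed = parse_build(build)
    except ValueError:
        return "unparseable"          # fix the inventory record, then re-run
    if installed >= fixed:            # numeric, field-by-field comparison
        return "patched"
    if installed[0] == fixed[0]:
        return "update-required"      # same major line, below the fixed build
    return "review"                   # older major line: assumption, see lead-in


def triage_inventory(rows):
    """rows: iterable of (host, product, build) -> list of (host, status)."""
    return [(host, triage(product, build)) for host, product, build in rows]


# Constructed sample inventory; hostnames and the last three builds are made up.
SAMPLE_INVENTORY = [
    ("vbr-01", "Veeam Backup & Replication", "12.3.1.1139"),
    ("vbr-02", "Veeam Backup & Replication", "12.3.2.3617"),
    ("vbr-03", "Veeam Backup & Replication", "12.3.10.5"),
    ("vbr-04", "Veeam Backup & Replication", "11.0.1.1261"),
    ("ws-17", "Veeam Agent for Microsoft Windows", "6.1.0.349"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

The constructed build `12.3.10.5` is there to show why plain string comparison is unsafe: as text it sorts below `12.3.2.3617`, but numerically it is newer.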
