
Bulletin: Veeam Backup and Replication

Vulnerability in Veeam Backup & Replication (CVE-2025-23120)

Written on: Mar 21, 2025 11:44:30 AM

Written by: Alex Raben

Topic

[Data Management, Data Security, COOLSPIRiT]

Critical Remote Code Execution Vulnerability in Veeam Backup & Replication (CVE-2025-23120)

Proof-of-concept (PoC) exploit code has been made publicly available for CVE-2025-23120, a critical severity remote code execution vulnerability affecting Veeam Backup & Replication. If your organization uses Veeam Backup & Replication, we strongly recommend reviewing this bulletin and taking the necessary steps to mitigate the associated risk.

Summary

On March 19, 2025, Veeam published a security advisory for a critical severity vulnerability impacting its Backup & Replication software. The advisory did not provide technical details regarding the vulnerability, although it did mention that it could be exploited by authenticated domain users.

On March 20, 2025, watchTowr Labs released a technical report detailing the vulnerability and providing proof-of-concept (PoC) exploit code. In the report, watchTowr specified that the vulnerability can be exploited by any user in the local Users group of the Windows device hosting a Veeam server and, if the server has been joined to an Active Directory (AD) domain, by any domain user. They state that CVE-2025-23120 is very similar to a previous vulnerability, CVE-2024-40711, a deserialization-of-untrusted-data flaw in which a malicious payload can lead to RCE in Veeam Backup & Replication. The PoC provided in the report reuses the CVE-2024-40711 exploit with slight alterations for CVE-2025-23120.

Historically, Veeam Backup & Replication has been a frequent target for ransomware groups due to its critical role in backup and recovery. Arctic Wolf previously reported on Veeam addressing multiple vulnerabilities in a September 2024 security bulletin.

Recommendation

Upgrade to Latest Fixed Version 

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of Veeam Backup & Replication. 

Product:          Veeam Backup & Replication
Affected Version: 12.3.0.310 and all earlier version 12 builds
Fixed Version:    12.3.1 (build 12.3.1.1139)

Please follow your organization's patching and testing guidelines to minimize potential operational impact. 
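The following PowerShell script is an added example, not code from the bulletin, Arctic Wolf or Veeam. It reads the installed Veeam Backup & Replication build from the standard Windows Uninstall registry entries and compares it against the affected and fixed builds listed above; the display name pattern and the assumption that Veeam's DisplayVersion carries the full four-part build number (e.g. 12.3.0.310) are ours and may need adjusting.

```powershell
# Added example (not from the bulletin or from Veeam): report whether the locally
# installed Veeam Backup & Replication build is still exposed to CVE-2025-23120.
# Assumption: the product's Uninstall entry has a DisplayName starting with
# "Veeam Backup & Replication" and a DisplayVersion holding the full build number.

$FixedBuild = [version]'12.3.1.1139'   # fixed build stated in the bulletin

function Get-VeeamBackupVersion {
    # Both 64-bit and WOW6432Node uninstall hives are checked.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' -and $_.DisplayVersion } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Test-Cve202523120Status {
    param([Parameter(Mandatory)][version]$InstalledBuild)
    # Affected: 12.3.0.310 and every earlier 12.x build. Fixed: 12.3.1.1139.
    # Builds outside the version 12 line are not covered by this bulletin.
    if ($InstalledBuild.Major -ne 12)    { return 'NotCovered' }
    if ($InstalledBuild -ge $FixedBuild) { return 'Fixed' }
    return 'Affected'
}

$installed = Get-VeeamBackupVersion
if (-not $installed) {
    Write-Output 'Veeam Backup & Replication was not found in the Uninstall registry entries.'
} else {
    $status = Test-Cve202523120Status -InstalledBuild ([version]$installed)
    Write-Output ('Installed build {0}: {1} (fixed build {2})' -f $installed, $status, $FixedBuild)
}
```

Run it in an elevated PowerShell session on the backup server; a result of Affected means the host should be scheduled for the 12.3.1 upgrade.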

Article Information Source: Arctic Wolf

If you need further advice or help contact us today: hello@coolspirit.co.uk
