
Security Advisory on Resolved Vulnerabilities in Veeam Backup & Replication 12.3.2

Concerning Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3 | 12.3.1, and Veeam Agent for Microsoft Windows | 6.0 | 6.1 | 6.2 | 6.3 | 6.3.1

Veeam Software, Inc. has published a security advisory concerning resolved vulnerabilities in Veeam Backup & Replication 12.3.2.

KB ID: 4743

Product:
Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3 | 12.3.1
Veeam Agent for Microsoft Windows | 6.0 | 6.1 | 6.2 | 6.3 | 6.3.1

Published: 2025-06-17

Last Modified: 2025-06-17

Issue Details:

CVE-2025-23121
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Severity: Critical
CVSS v3.0 Score: 9.9
Source: Reported by watchTowr and CodeWhite.

Affected Product:
Veeam Backup & Replication 12.3.1.1139 and all earlier version 12 builds.
Note: Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

Solution:
This vulnerability was fixed starting in the following build:

CVE-2025-24286
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.

Severity: High
CVSS v3.1 Score: 7.2
Source: Reported by Nikolai Skliarenko with Trend Micro.

Affected Product:
Veeam Backup & Replication 12.3.1.1139 and all earlier version 12 builds.
Note: Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

Solution:
This vulnerability was fixed starting in the following build:

CVE-2025-24287
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.

Severity: Medium
CVSS v3.1 Score: 6.1
Source: Reported by CrisprXiang working with Trend Micro Zero Day Initiative.

Affected Product:
Veeam Agent for Microsoft Windows 6.3.1.1074 and all earlier version 6 builds.
Note: Unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

Solution:
This vulnerability was fixed starting in the following build:
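
A triage check that compares installed builds against the "Affected Product" thresholds stated above, as an added example that is not part of Veeam's advisory. The inventory rows are constructed, and treating a lower major version as one of the untested, unsupported releases is an assumption.

```python
import re

# product -> (last build listed as affected, CVEs); copied from the advisory above.
RULES = {
    "Veeam Backup & Replication":
        ((12, 3, 1, 1139), ("CVE-2025-23121", "CVE-2025-24286")),
    "Veeam Agent for Microsoft Windows":
        ((6, 3, 1, 1074), ("CVE-2025-24287",)),
}

def parse_build(text):
    """Return 'a.b.c.d' as a tuple of four ints, or None if malformed."""
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text.strip(), re.ASCII):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def classify(product, build_text):
    """Map one installed build to (status, CVEs that apply)."""
    if product not in RULES:
        return "not-covered", ()
    last_affected, cves = RULES[product]
    build = parse_build(build_text)
    if build is None:
        return "manual-review", cves  # truncated or malformed version string
    if build[0] < last_affected[0]:
        # Assumption: a lower major version is one of the untested, unsupported
        # releases that the Note says to consider vulnerable.
        return "assume-vulnerable", cves
    if build <= last_affected:
        return "affected", cves
    return "above-affected-range", ()

# Constructed inventory rows (host, product, build); not real systems.
INVENTORY = [
    ("bk01", "Veeam Backup & Replication", "12.3.1.1139"),
    ("bk02", "Veeam Backup & Replication", "12.3.1.1140"),
    ("bk03", "Veeam Backup & Replication", "11.0.0.1"),
    ("ws07", "Veeam Agent for Microsoft Windows", "6.1.0.1"),
    ("ws08", "Veeam Agent for Microsoft Windows", "6.3"),
]

def triage(rows):
    """Return {host: (status, cves)} for every host that needs attention."""
    results = {host: classify(product, build) for host, product, build in rows}
    return {h: r for h, r in results.items()
            if r[0] not in ("above-affected-range", "not-covered")}

if __name__ == "__main__":
    for host, (status, cves) in triage(INVENTORY).items():
        print(f"{host}: {status} {', '.join(cves)}")
```

A build that sorts above the last affected build is reported only as outside the listed range; the fixed build number itself has to come from the vendor advisory.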
