
New Veeam Flaw Permits Arbitrary Code Execution via Man-in-the-Middle Attack

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on vulnerable systems.

The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.

“A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions,” Veeam said in an advisory.

The shortcoming impacts the following products:

  • Veeam Backup for Salesforce — 3.1 and older
  • Veeam Backup for Nutanix AHV — 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)
  • Veeam Backup for AWS — 6a | 7 (Version 8 is unaffected by the flaw)
  • Veeam Backup for Microsoft Azure — 5a | 6 (Version 7 is unaffected by the flaw)
  • Veeam Backup for Google Cloud — 4 | 5 (Version 6 is unaffected by the flaw)
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization — 3 | 4.0 | 4.1 (Versions 5 and higher are unaffected by the flaw)

It has been addressed in the below versions:

  • Veeam Backup for Salesforce – Veeam Updater component version 7.9.0.1124
  • Veeam Backup for Nutanix AHV – Veeam Updater component version 9.0.0.1125
  • Veeam Backup for AWS – Veeam Updater component version 9.0.0.1126
  • Veeam Backup for Microsoft Azure – Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Google Cloud – Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization – Veeam Updater component version 9.0.0.1127

“If a Veeam Backup & Replication deployment is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability,” the company noted.
