Veeam has launched security updates immediately to repair a number of Veeam Backup & Replication (VBR) flaws, together with a important distant code execution (RCE) vulnerability.
Tracked as CVE-2025-23121, this security flaw was reported by security researchers at watchTowr and CodeWhite, and it solely impacts domain-joined installations.
As Veeam defined in a Tuesday security advisory, the vulnerability might be exploited by authenticated area customers in low-complexity assaults to achieve code execution remotely on the Backup Server. This flaw impacts Veeam Backup & Replication 12 or later, and it was mounted in model 12.3.2.3617, which was launched earlier immediately.
Whereas CVE-2025-23121 solely impacts VBR installations joined to a site, any area person can exploit it, making it straightforward to abuse in these configurations.
Sadly, many corporations have joined their backup servers to a Home windows area, ignoring Veeam’s greatest practices, which advise admins to make use of a separate Lively Listing Forest and defend the executive accounts with two-factor authentication.
In March, Veeam patched one other RCE vulnerability (CVE-2025-23120) in Veeam’s Backup & Replication software program that impacts domain-joined installations.
Ransomware gangs have additionally advised BleepingComputer years in the past that they all the time goal VBR servers as a result of they simplify stealing victims’ knowledge and block restoration efforts by deleting backups earlier than deploying the ransomware payloads on the victims’ networks.
As Sophos X-Ops incident responders revealed in November, one other VBR RCE flaw (CVE-2024-40711) disclosed in September is now being exploited to deploy Frag ransomware.
The identical vulnerability was additionally used to achieve distant code execution on weak Veeam backup servers in Akira and Fog ransomware assaults beginning in October.
Prior to now, the Cuba ransomware gang and FIN7, a financially motivated risk group recognized to collaborate with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware gangs, had been additionally noticed exploiting VBR vulnerabilities.
Veeam’s merchandise are utilized by over 550,000 prospects worldwide, together with 82% of Fortune 500 corporations and 74% of International 2,000 companies.
Patching used to imply advanced scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and concentrate on strategic work — no advanced scripts required.