New Veeam RCE Flaw Lets Domain Users Breach Backup Servers

Veeam has released new security updates to address several vulnerabilities in its Backup & Replication (VBR) software, including a critical remote code execution (RCE) flaw. 

The vulnerability, identified as CVE-2025-23121, was reported by researchers from watchTowr and CodeWhite. It specifically affects VBR installations that are joined to a domain. 

According to a security advisory published by Veeam on Tuesday, authenticated domain users can exploit this flaw in low-complexity attacks to execute code remotely on the backup server. The vulnerability affects Veeam Backup & Replication version 12 and newer, and has been patched in version 12.3.2.3617, released earlier today. Although this flaw is limited to domain-joined environments, it can be exploited by any domain user, which makes it particularly easy to misuse in such setups. 

Despite Veeam’s best practice recommendations to isolate backup servers using a separate Active Directory Forest and protect administrator accounts with two-factor authentication, many organizations have still joined their backup servers to a domain, increasing the risk of exploitation. 
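The two conditions described above (a build older than 12.3.2.3617 on version 12 or newer, and a domain-joined server) can be checked across an asset inventory. The following is an added example, not code from Veeam or the original article; the CSV column names, hostnames and sample build numbers are constructed assumptions.

```python
import csv
import io

FIXED_BUILD = (12, 3, 2, 3617)  # patched build named in the article
FIRST_AFFECTED_MAJOR = 12       # article: "version 12 and newer"

# Constructed sample inventory: hypothetical hosts, builds and column names.
SAMPLE_INVENTORY = """hostname,vbr_build,domain_joined
vbr-01,12.3.1.1000,yes
vbr-02,12.3.2.3617,yes
vbr-03,12.1.0.100,no
vbr-04,11.0.0.500,yes
vbr-05,unknown,yes
"""

def parse_build(text):
    """Return the build as a 4-tuple of ints, or None if it is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(build_text, domain_joined):
    """Map one server to a triage status based on the article's criteria."""
    build = parse_build(build_text)
    if build is None:
        return "unknown-build"          # cannot decide: verify by hand
    if build[0] < FIRST_AFFECTED_MAJOR:
        return "outside-stated-range"   # article only covers 12 and newer
    if build >= FIXED_BUILD:            # tuples compare field by field
        return "patched"
    # Below the fixed build: domain membership is the stated precondition.
    return "exposed" if domain_joined else "unpatched-not-domain-joined"

def triage(inventory_csv):
    """Return {hostname: status} for every row of the inventory CSV."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        joined = row["domain_joined"].strip().lower() in ("yes", "true", "1")
        result[row["hostname"]] = classify(row["vbr_build"], joined)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Builds are compared as integer tuples rather than strings, so a value such as 12.3.10.0 is correctly treated as newer than 12.3.2.3617.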

In March, Veeam addressed another RCE vulnerability (CVE-2025-23120) that also affected domain-joined installations of the software. 

Ransomware groups have long targeted VBR servers because compromising them allows attackers to delete backups and block recovery efforts before deploying ransomware across the victim's network. In November, Sophos X-Ops incident responders reported that another RCE vulnerability (CVE-2024-40711), first disclosed in September, was being actively used to spread Frag ransomware. 

The same flaw has been used in attacks involving Akira and Fog ransomware since October, allowing remote code execution on unpatched Veeam backup servers. 

Previously, cybercriminals associated with the Cuba ransomware group and the financially driven threat actor FIN7 have also exploited VBR flaws. FIN7 is known for working with other major ransomware gangs, such as Conti, REvil, Maze, Egregor, and BlackBasta. 

Veeam’s software is widely adopted, with more than 550,000 customers globally, including 82 percent of Fortune 500 companies and 74 percent of Global 2,000 firms. 
