Veeam has released security updates to resolve a critical vulnerability in its Backup & Replication product that could allow remote code execution. The flaw, identified as
CVE202523121 with a CVSS score of 9.9, lets an authenticated domain user run arbitrary code on the Backup Server under certain conditions.
According to Veeam’s advisory, the issue affects Backup & Replication version 12.3.1.1139 and all earlier version 12 builds. Security researchers from CODE WHITE GmbH and watchTowr reported the vulnerability.
A technical analysis by Rapid7 explains that after Veeam patched CVE202523120 in March 2025, researchers showed that the fix could be bypassed, leading to the discovery of CVE202523121. Veeam’s June 17 advisory confirms that the new flaw can be exploited by authenticated domain users, similar to the earlier vulnerability.
In addition to CVE202523121, Veeam addressed two other issues:
CVE202524286 (CVSS 7.2)
An authenticated user with the Backup Operator role can modify backup jobs in a way that leads to arbitrary code execution. Nikolai Skliarenko of Trend Micro discovered this vulnerability.
CVE202524287 (CVSS 6.1)
Veeam Agent for Microsoft Windows contained a flaw that lets local system users alter directory contents, enabling arbitrary code execution with elevated privileges. CrisprXiang reported the issue through the Trend Micro Zero Day Initiative.
Veeam customers should apply the latest patches as soon as possible to protect their systems from potential attacks.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
