A critical vulnerability, CVE-2025-23120, with a CVSS score of 9.9, was identified in Veeam Backup & Replication systems, potentially compromising the backup infrastructure of organizations globally. Authenticated domain users could perform remote code execution, posing significant risks to enterprise environments. The vulnerability particularly favors ransomware operators, who could manipulate recovery operations during attacks. Although best practices advise against it, domain-joined backup servers are common, which increases the potential for exploitation. Over 20% of incident responses in 2024 involved attackers leveraging Veeam after establishing initial access within networks, underscoring the system's attractiveness to cybercriminals. To mitigate the risk, Veeam released a critical security update and urged immediate application to prevent potentially devastating impacts on business continuity and data integrity.
Source: https://cybersecuritynews.com/critical-veeam-backup-replication-vulnerability/
"id": "job443032025",
"linkid": "jobs",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"