Veeam

Veeam has released security updates to fix several vulnerabilities in its Backup & Replication (VBR) software, including a critical remote code execution (RCE) flaw (CVE-2025-23121). This vulnerability can be exploited by authenticated domain users to gain remote code execution on the Backup Server. The flaw affects VBR 12 or later and was fixed in version 12.3.2.3617. Many companies have ignored Veeam's best practices, making their backup servers vulnerable. Ransomware gangs have targeted VBR servers to steal data and block restoration efforts. Recent exploits include the deployment of Frag, Akira, and Fog ransomware. Historically, the Cuba ransomware gang and FIN7 have also exploited VBR vulnerabilities.

Source: https://www.bleepingcomputer.com/news/security/new-veeam-rce-flaw-lets-domain-users-hack-backup-servers/

TPRM report: https://scoringcyber.rankiteo.com/company/veeam-software

"id": "vee706061725",
"linkid": "veeam-software",
"type": "Vulnerability",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Information Technology',
                        'name': 'Veeam',
                        'type': 'Software Company'}],
 'attack_vector': 'Remote Code Execution (RCE)',
 'description': 'Veeam has released security updates to fix several Veeam '
                'Backup & Replication (VBR) flaws, including a critical remote '
                'code execution (RCE) vulnerability tracked as CVE-2025-23121. '
                'This vulnerability can be exploited by authenticated domain '
                'users in low-complexity attacks to gain code execution '
                'remotely on the Backup Server. The flaw affects Veeam Backup '
                '& Replication 12 or later and was fixed in version '
                '12.3.2.3617.',
 'impact': {'systems_affected': ['Veeam Backup & Replication 12 or later']},
 'initial_access_broker': {'entry_point': 'Domain-joined installations'},
 'motivation': ['Financial', 'Data Theft', 'Ransomware Deployment'],
 'ransomware': {'ransomware_strain': ['Frag', 'Akira', 'Fog']},
 'recommendations': ['Use a separate Active Directory Forest and protect '
                     'administrative accounts with two-factor authentication'],
 'references': [{'source': 'BleepingComputer'}],
 'response': {'remediation_measures': ['Security updates released']},
 'threat_actor': ['Cuba ransomware gang',
                  'FIN7',
                  'Frag ransomware',
                  'Akira ransomware',
                  'Fog ransomware'],
 'title': 'Veeam Backup & Replication Critical RCE Vulnerability',
 'type': 'Vulnerability',
 'vulnerability_exploited': ['CVE-2025-23121',
                             'CVE-2025-23120',
                             'CVE-2024-40711']}