Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

The Hacker News by The Hacker News
June 18, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jun 18, 2025Ravie LakshmananVulnerability / Data Protection

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions.

The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.

“A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” the company said in an advisory.

CVE-2025-23121 impacts all earlier version 12 builds, including 12.3.1.1139. It has been addressed in version 12.3.2 (build 12.3.2.3617). Security researchers at CODE WHITE GmbH and watchTowr have been credited with discovering and reporting the vulnerability.

Cybersecurity

Cybersecurity company Rapid7 noted that the update likely addresses concerns shared by CODE WHITE in late March 2025 that the patch put in place to plug a similar hole (CVE-2025-23120, CVSS score: 9.9) could be bypassed.

Also addressed by Veeam is another flaw in the same product (CVE-2025-24286, CVSS score: 7.2) that allows an authenticated user with the Backup Operator role to modify backup jobs, which could result in arbitrary code execution.

The American company separately patched a vulnerability that affected Veeam Agent for Microsoft Windows (CVE-2025-24287, CVSS score: 6.1) that permits local system users to modify directory contents, leading to code execution with elevated permissions. The issue has been patched in version 6.3.2 (build 6.3.2.1205).

According to Rapid7, more than 20% of its incident response cases in 2024 involved either the access or exploitation of Veeam, once a threat actor has already established a foothold in the target environment.

With security flaws in Veeam backup software becoming a prime target for attackers in recent years, it’s crucial that customers update to the latest version of the software with immediate effect.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Sivers Semiconductors to Participate in the 15th Annual Roth London Conference

Sivers Semiconductors to Participate in the 15th Annual Roth London Conference

Recommended.

A New Approach to Smart Personal Safety Begins with the Launch of Timeli

A New Approach to Smart Personal Safety Begins with the Launch of Timeli

January 5, 2026
Finnish quantum computing champion IQM determined to make ‘impossible’ engineering breakthrough | Computer Weekly

Finnish quantum computing champion IQM determined to make ‘impossible’ engineering breakthrough | Computer Weekly

April 14, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio