Security update: Malicious code attacks on Veeam backup servers possible
Attackers can exploit several vulnerabilities in Veeam Backup & Replication and Veeam Agent for Windows.
If attackers successfully exploit vulnerabilities in Veeam Backup & Replication and Veeam Agent for Windows, they can, in the worst case, compromise backup servers with malicious code. Security patches are available for download.
Dangerous malicious code vulnerabilities
As the developers explain in a security advisory, they have closed a total of three software vulnerabilities. A “critical” vulnerability (CVE-2025-23121) allows an attacker authenticated as a domain user to execute malicious code. To exploit the second vulnerability (CVE-2025-24286, “high”), an attacker must be authenticated as a backup operator. If this is the case, they can execute malicious code.
The developers state that they have closed both vulnerabilities in Veeam Backup & Replication 12.3.2 (build 12.3.2.3617).
Veeam Agent for Windows is also vulnerable to malicious code attacks (CVE-2025-24287, “medium”). Version 6.3.2 (build 6.3.2.1205) fixes this issue. It is not yet clear how attacks could take place in all cases. There are currently no reports of attacks. However, this could change quickly, so admins should update their systems promptly.
The developers last closed a critical vulnerability in Veeam Backup & Replication in March of this year.
(des)