Patch Now: Veeam Backup & Replication Vulnerable to Remote Code Execution

A newly released patch closes two remote code execution vulnerabilities in Veeam's backup solution. The Agent for Windows has also been secured.


Several versions of Veeam Backup & Replication contain two critical security vulnerabilities that allow Remote Code Execution (RCE) by authenticated domain users. A patch closes the vulnerabilities, CVE-2025-48983 and CVE-2025-48984; each carries a CVSS v3.1 score of 9.9, which rates them critical.

According to the developers' security advisory, the RCE vulnerabilities affect all Veeam Backup & Replication versions of the 12 series up to and including 12.3.2.3617. Patch 12.3.2.4165, released today, Tuesday, eliminates the threat (see release notes). Prompt action is advisable.

The developers have also provided a security update for Veeam Agent for Windows. The fixed vulnerability, CVE-2025-48982, posed a high risk (CVSS score 7.3); under certain conditions, it could have been exploited for privilege escalation.

The vulnerability is present in all versions up to and including 6.3.2.1205 and was resolved with Build 6.3.2.1302. Details and download links can also be found in the current security advisory.
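To turn the version ranges above into a patch worklist, the following added example (not code from Veeam or from this article) classifies an inventory export against the build numbers quoted here. The product keys, hostnames and the `host,product,build` export format are assumptions, and the sample inventory is constructed.

```python
# Added example: build thresholds are the ones quoted in the article.
# Product keys, hostnames and the CSV layout are constructed assumptions.
ADVISORY = {
    "vbr": {"series": 12, "last_affected": (12, 3, 2, 3617),
            "fixed": (12, 3, 2, 4165),
            "cves": ["CVE-2025-48983", "CVE-2025-48984"]},
    "agent-windows": {"series": None, "last_affected": (6, 3, 2, 1205),
                      "fixed": (6, 3, 2, 1302),
                      "cves": ["CVE-2025-48982"]},
}

def parse_build(text):
    """Parse a four-part dotted build string into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, build_text):
    """Return (status, cves) for one installation."""
    rule = ADVISORY.get(product)
    if rule is None:
        return "unknown-product", []
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unparseable", []
    # The article only speaks about the 12 series of Backup & Replication.
    if rule["series"] is not None and build[0] != rule["series"]:
        return "not-covered", []
    if build >= rule["fixed"]:
        return "patched", []
    if build <= rule["last_affected"]:
        return "affected", rule["cves"]
    # Builds between the two quoted numbers are not described: check by hand.
    return "verify", rule["cves"]

def triage(inventory):
    """Map each host in a 'host,product,build' export to its status."""
    result = {}
    for line in inventory.strip().splitlines():
        host, product, build = (field.strip() for field in line.split(","))
        result[host] = classify(product, build)
    return result

SAMPLE_INVENTORY = """bkp01,vbr,12.3.2.3617
bkp02,vbr,12.3.2.4165
bkp03,vbr,11.0.0.1
ws17,agent-windows,6.3.2.1205
ws18,agent-windows,6.3.2.1302
ws19,agent-windows,6.3.2"""
```

Hosts reported as `not-covered`, `verify` or `unparseable` fall outside what the article states and should be checked against the vendor advisory directly.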

(ovw)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.