Patches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems. The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.

The urgency around the latest bugs is amplified by the fact that Veeam Backup & Replication has repeatedly faced critical vulnerabilities in recent years, some of which have been actively exploited by attackers. In 2024, security agencies warned that ransomware groups were exploiting CVE-2024-40711, a critical flaw in the platform that allowed remote code execution without authentication. Attackers used the vulnerability to compromise backup servers and delete recovery data as part of ransomware campaigns. The pattern continued in 2025, when Veeam patched CVE-2025-23120, another critical RCE bug that allowed any authenticated domain user to execute code on a backup server in domain-joined environments.

The steady stream of high-severity bugs, along with the history of real-world exploitation, makes timely patching critical for organizations running Veeam Backup & Replication. Organizations must treat backup systems as highly privileged infrastructure requiring strong access controls and isolation.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4144882/veeam-warns-admins-to-patch-now-as-critical-rce-flaws-hit-backup-replication.html

