Veeam Vulnerabilities Expose Backup Servers to Remote Attacks

Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software.

These flaws—assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287—could allow attackers to execute code remotely or escalate privileges, posing significant risks to organizations relying on Veeam for data integrity and disaster recovery.

The Vulnerabilities

CVE-2025-23121: Critical Remote Code Execution

The most severe of the newly disclosed vulnerabilities, CVE-2025-23121, allows an authenticated domain user to execute arbitrary code on a Veeam Backup Server.

With a CVSS v3.0 score of 9.9, this flaw is especially dangerous for organizations that have domain-joined backup servers.

Successful exploitation could enable attackers to compromise backup infrastructure and potentially gain access to sensitive data across the enterprise.

CVE-2025-24286: Privilege Escalation via Backup Operator Role

CVE-2025-24286, rated with a high severity CVSS v3.1 score of 7.2, enables authenticated users with the Backup Operator role to modify backup jobs in ways that could result in arbitrary code execution.

This vulnerability is particularly concerning in environments where multiple administrators have elevated privileges, as it could be exploited for lateral movement or to disrupt backup operations.

CVE-2025-24287: Local Privilege Escalation in Veeam Agent

CVE-2025-24287 affects the Veeam Agent for Microsoft Windows and allows local system users to modify directory contents, potentially leading to code execution with elevated permissions.

While less severe (CVSS v3.1 score: 6.1), it still poses a risk for organizations with unpatched agents deployed on endpoints.

Affected Products and Fixes

| CVE | Description | Severity | CVSS Score | Affected Product(s) |
| --- | --- | --- | --- | --- |
| CVE-2025-23121 | RCE by authenticated domain user on Backup Server | Critical | 9.9 | Veeam Backup & Replication ≤12.3.1.1139 |
| CVE-2025-24286 | Backup Operator can modify jobs, execute code | High | 7.2 | Veeam Backup & Replication ≤12.3.1.1139 |
| CVE-2025-24287 | Local users can modify directories, escalate privileges | Medium | 6.1 | Veeam Agent for Windows ≤6.3.1.1074 |

Veeam has released patches to address all three vulnerabilities. Organizations are strongly urged to update to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617) and Veeam Agent for Microsoft Windows 6.3.2 (build 6.3.2.1205) as soon as possible.

Unsupported product versions, while not explicitly tested, are presumed vulnerable and should be upgraded immediately.
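The check an administrator actually wants here is "which of my Windows hosts still run a build below the fixed ones?". The script below is an added example, not code from the article or from Veeam: it reads the standard Windows Uninstall registry keys and compares the DisplayVersion of each matching product against the fixed builds named above (12.3.2.3617 and 6.3.2.1205). The DisplayName patterns and the assumption that DisplayVersion carries the full four-part build number are mine; verify them against one known-patched host before trusting the result across a fleet.

```powershell
# Added example (not from the article or Veeam): flag Veeam installs whose
# build is below the fixed builds named in the advisory.
# Assumptions: product DisplayName strings and that DisplayVersion in the
# Uninstall keys reflects the full build number (e.g. 12.3.1.1139).

$FixedBuilds = @{
    'Veeam Backup & Replication'        = '12.3.2.3617'   # from the advisory
    'Veeam Agent for Microsoft Windows' = '6.3.2.1205'    # from the advisory
}

function Test-VeeamBuildPatched {
    param(
        [Parameter(Mandatory)][string]$InstalledBuild,
        [Parameter(Mandatory)][string]$FixedBuild
    )
    # [version] compares each of the four components numerically, so
    # 12.3.1.1139 sorts below 12.3.2.3617 even though 1139 < 3617 is not what
    # decides it; a plain string comparison would get cases like this wrong.
    return ([version]$InstalledBuild -ge [version]$FixedBuild)
}

function Get-VeeamPatchState {
    # Both native and WOW6432Node views, so 32-bit installers are not missed.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion }

    foreach ($product in $FixedBuilds.Keys) {
        $entries = $installed | Where-Object { $_.DisplayName -like "$product*" }
        foreach ($e in $entries) {
            $parsed = $null
            # Skip entries whose version string is not a parsable build number
            # rather than silently treating them as patched.
            if (-not [version]::TryParse($e.DisplayVersion, [ref]$parsed)) {
                Write-Warning "Unparsable version '$($e.DisplayVersion)' for $($e.DisplayName)"
                continue
            }
            $patched = Test-VeeamBuildPatched -InstalledBuild $e.DisplayVersion `
                                              -FixedBuild $FixedBuilds[$product]
            $status = if ($patched) { 'Patched' } else { 'VULNERABLE - update required' }
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Product    = $e.DisplayName
                Installed  = $e.DisplayVersion
                FixedBuild = $FixedBuilds[$product]
                Status     = $status
            }
        }
    }
}

Get-VeeamPatchState | Format-Table -AutoSize
```

Run it in an elevated session on each backup server and agent host, or wrap `Get-VeeamPatchState` in `Invoke-Command -ComputerName` to sweep several machines and export the objects to CSV. A host that reports no rows has no matching Uninstall entry at all, which usually means the product is not installed or the DisplayName assumption does not hold there, and is worth confirming by hand rather than reading as "not affected".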

Security experts further recommend following Veeam’s best practices, such as not joining backup servers to the production domain unless absolutely necessary and keeping backup infrastructure isolated from production domains, since CVE-2025-23121 is reachable by any authenticated domain user once the server is domain-joined.

Given the critical nature of these vulnerabilities and the central role backup servers play in organizational resilience, prompt patching and adherence to security best practices are essential to prevent potential exploitation and data compromise.
