Veeam Urges Immediate Patch for Critical Backup Software Vulnerability Amid Rising Cyber Threats
June 18, 2025
Veeam has issued patches for a critical security vulnerability, identified as CVE-2025-23121, in its Backup & Replication software that exposes it to remote code execution (RCE) by authenticated domain users.
Veeam's products are widely used, with over 550,000 customers globally, including 82% of Fortune 500 companies and 74% of Global 2000 firms.
This vulnerability has a CVSS score of 9.9, highlighting its severe risk, and it impacts all earlier version 12 builds, including 12.3.1.1139.
In addition to the critical vulnerability, Veeam also addressed a medium-severity issue in the Veeam Agent for Microsoft Windows, which allowed local users with System privileges to modify directory contents and execute arbitrary code.
The version that resolves these issues is 12.3.2 (build 12.3.2.3617); the critical flaw was identified by security researchers from CODE WHITE GmbH and watchTowr.
With the increasing trend of attacks targeting Veeam backup software, it is crucial for customers to upgrade to the latest version promptly to safeguard their systems.
While neither Veeam nor the researchers reported any active exploitation of these vulnerabilities, users are still advised to update their installations to mitigate potential risks.
A report from Rapid7 indicated that over 20% of their incident response cases in 2024 involved vulnerabilities in Veeam products, underscoring the importance of timely updates.
Historically, ransomware groups have targeted Veeam Backup & Replication servers, exploiting vulnerabilities to steal data and disrupt restoration efforts by deleting backups prior to deploying ransomware.
Many organizations have improperly configured their backup servers by joining them to a Windows domain, contrary to Veeam's guidance to use a separate Active Directory Forest and enforce two-factor authentication on admin accounts.
Summary based on 3 sources
Sources

BleepingComputer • Jun 17, 2025
New Veeam RCE flaw lets domain users hack backup servers
The Hacker News • Jun 18, 2025
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
SecurityWeek • Jun 18, 2025
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products