CVE-2025-23120 Veeam Backup Vulnerability

CVE-2025-23120 Veeam Backup Vulnerability Allows Remote Code Execution

A critical security vulnerability, identified as CVE-2025-23120, affects Veeam Backup & Replication versions up to 12.3.0.310. This flaw allows authenticated domain users to execute arbitrary code remotely on domain-joined backup servers.

Technical Details:

  • Vulnerability Type: Remote Code Execution (RCE)
  • Access Requirement: Authenticated domain user
  • CVSS v3.1 Score: 9.9 (Critical)
  • Impacted Component: Veeam Backup Server

Affected Versions:

  • Veeam Backup & Replication 12.3.0.310 and all earlier 12.x builds
  • Note: Unsupported versions are not tested but likely vulnerable

Impacted Systems:

  • Domain-joined backup servers only

Mitigation:

The vulnerability is patched in Veeam Backup & Replication 12.3.1 (build 12.3.1.1139). Users are advised to upgrade to this version to mitigate the issue.

If upgrading is not immediately possible, a hotfix is available for version 12.3.0.310 under KB4724. This hotfix must be applied only if no other hotfixes are present.

Hotfix Details:

File Hash Verification:

Use PowerShell to verify file integrity after applying the hotfix:

Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Common.dll' -Algorithm SHA1

# Expected SHA1: F81B62807D82D9648733B1BF5AD70172B6CB19AA

Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.EsxManager.dll' -Algorithm SHA1

# Expected SHA1: 9D72DD7E5CBE920454E7508AAF328CD1A59197E0
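The two commands above are meant to be read by eye. The following script is an added example, not part of the original advisory and not Veeam's own tooling: it checks whether the server is in scope at all (the advisory states only domain-joined backup servers are affected) and compares both hotfix DLLs against the SHA1 values listed above in one pass, returning objects that can be logged or fed to a monitoring job. It assumes the default installation path used on this page; adjust the paths if Veeam is installed elsewhere.

```powershell
# Added example (not from the original page or from Veeam): exposure and
# hotfix-status check for CVE-2025-23120 / KB4724.
# Assumption: Veeam Backup & Replication is installed under the default path
# shown in the advisory above.

$expected = @{
    'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Common.dll'     = 'F81B62807D82D9648733B1BF5AD70172B6CB19AA'
    'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.EsxManager.dll' = '9D72DD7E5CBE920454E7508AAF328CD1A59197E0'
}

function Test-VeeamHotfixKB4724 {
    [CmdletBinding()]
    param([hashtable]$ExpectedHashes = $expected)

    # Exposure: per the advisory, only domain-joined backup servers are affected.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $domainStatus = if ($cs.PartOfDomain) { 'EXPOSED (domain-joined)' } else { 'not domain-joined' }
    [pscustomobject]@{ Check = 'DomainJoined'; Path = $cs.Domain; Status = $domainStatus }

    # Patch status: each DLL must match the SHA1 published for the hotfix.
    foreach ($path in $ExpectedHashes.Keys) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Check = 'FileHash'; Path = $path; Status = 'MISSING' }
            continue
        }
        $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
        # Get-FileHash returns upper-case hex; compare case-insensitively anyway.
        $fileStatus = if ($actual -ieq $ExpectedHashes[$path]) { 'PATCHED' } else { "MISMATCH (got $actual)" }
        [pscustomobject]@{ Check = 'FileHash'; Path = $path; Status = $fileStatus }
    }
}

$results = Test-VeeamHotfixKB4724
$results | Format-Table -AutoSize

# Non-zero exit when any DLL is missing or does not match, so the script can be
# run from a scheduled task or a configuration-compliance job.
if ($results | Where-Object { $_.Check -eq 'FileHash' -and $_.Status -ne 'PATCHED' }) { exit 1 }
```

A MISMATCH result is only meaningful on a server running 12.3.0.310 with no other hotfixes installed, because those are the conditions under which KB4724 applies; on a server already upgraded to 12.3.1 (build 12.3.1.1139) the DLLs are different files and the correct check is the installed build number, not these hashes.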

Best Practice:

Avoid joining backup servers to a domain when possible. Refer to the Veeam Backup & Replication Security Best Practice Guide for more details.
