A critical security vulnerability, identified as CVE-2025-23120, affects Veeam Backup & Replication versions up to 12.3.0.310. This flaw allows authenticated domain users to execute arbitrary code remotely on domain-joined backup servers.
Technical Details:
- Vulnerability Type: Remote Code Execution (RCE)
- Access Requirement: Authenticated domain user
- CVSS v3.1 Score: 9.9 (Critical)
- Impacted Component: Veeam Backup Server
Affected Versions:
- Veeam Backup & Replication 12.3.0.310 and all earlier 12.x builds
- Note: Unsupported versions have not been tested but are likely vulnerable
Impacted Systems:
- Domain-joined backup servers only
Mitigation:
The vulnerability is patched in Veeam Backup & Replication 12.3.1 (build 12.3.1.1139). Users are advised to upgrade to this version to mitigate the issue.
If upgrading is not immediately possible, a hotfix is available for version 12.3.0.310 under KB4724. This hotfix must be applied only if no other hotfixes are present.
Hotfix Details:
- File: VeeamBackup&Replication_12.3.0.310_KB4724.zip
- MD5: 5185235DEA2AC9F2814638534B16A6DB
- SHA1: 4B1C3A7F2F051D958EAF363E2739B1B38C4A4F8C
File Hash Verification:
Use PowerShell to verify file integrity after applying the hotfix:
Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Common.dll' -Algorithm SHA1
# Expected SHA1: F81B62807D82D9648733B1BF5AD70172B6CB19AA
Get-FileHash -Path 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.EsxManager.dll' -Algorithm SHA1
# Expected SHA1: 9D72DD7E5CBE920454E7508AAF328CD1A59197E0
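The same checks as a reusable script, added here as an example that is not part of this advisory and not Veeam's own tooling: before the hotfix is applied it verifies the KB4724 archive against the published MD5 and SHA1, and after it is applied it verifies the two replaced DLLs against the published SHA1 values, failing the run if any hash differs. The hash values, archive name and DLL paths are taken from the advisory above; the download folder of the ZIP and the function name are assumptions.

```powershell
# Added example (not Veeam's code). Hashes and paths are from the CVE-2025-23120 advisory;
# the ZIP download folder and the function name are assumptions.

$HotfixZip = 'C:\Temp\VeeamBackup&Replication_12.3.0.310_KB4724.zip'   # assumed download location
$ExpectedZipHashes = @{
    MD5  = '5185235DEA2AC9F2814638534B16A6DB'
    SHA1 = '4B1C3A7F2F051D958EAF363E2739B1B38C4A4F8C'
}

$BackupDir = 'C:\Program Files\Veeam\Backup and Replication\Backup'
$ExpectedDllSha1 = @{
    'Veeam.Backup.Common.dll'     = 'F81B62807D82D9648733B1BF5AD70172B6CB19AA'
    'Veeam.Backup.EsxManager.dll' = '9D72DD7E5CBE920454E7508AAF328CD1A59197E0'
}

function Test-FileHashMatch {
    # Returns $true only when the file exists and its hash equals the expected value.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Algorithm,
        [Parameter(Mandatory)] [string] $Expected
    )
    # -LiteralPath: the file names contain characters that could be mis-read as wildcards.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Missing file: $Path"
        return $false
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    $ok = $actual -ieq $Expected
    $status = if ($ok) { 'OK  ' } else { 'FAIL' }
    Write-Host ("[{0}] {1,-4} {2}" -f $status, $Algorithm, $Path)
    if (-not $ok) {
        Write-Host ("       expected {0}" -f $Expected)
        Write-Host ("       actual   {0}" -f $actual)
    }
    return $ok
}

function Test-Kb4724Hotfix {
    # -Stage PreInstall : check the downloaded archive before running it.
    # -Stage PostInstall: check the replaced DLLs after the hotfix has been applied.
    param(
        [Parameter(Mandatory)] [ValidateSet('PreInstall', 'PostInstall')] [string] $Stage
    )
    $allOk = $true
    if ($Stage -eq 'PreInstall') {
        foreach ($alg in $ExpectedZipHashes.Keys) {
            $ok = Test-FileHashMatch -Path $HotfixZip -Algorithm $alg -Expected $ExpectedZipHashes[$alg]
            $allOk = $allOk -and $ok
        }
    }
    else {
        foreach ($name in $ExpectedDllSha1.Keys) {
            $ok = Test-FileHashMatch -Path (Join-Path $BackupDir $name) -Algorithm SHA1 -Expected $ExpectedDllSha1[$name]
            $allOk = $allOk -and $ok
        }
    }
    return $allOk
}

# Usage: run the PreInstall stage before applying the hotfix and the PostInstall stage afterwards.
$stage = if ($args.Count -ge 1) { $args[0] } else { 'PostInstall' }
if (Test-Kb4724Hotfix -Stage $stage) {
    Write-Host "All $stage hashes match the advisory."
    exit 0
}
else {
    Write-Error "One or more $stage hashes did not match; do not proceed until the mismatch is explained."
    exit 1
}
```

Run it as `.\Check-Kb4724.ps1 PreInstall` on the downloaded archive and `.\Check-Kb4724.ps1 PostInstall` once the hotfix has been applied; a non-zero exit code makes it easy to gate the installation step in an automated change procedure. Because the page states the hotfix applies only to build 12.3.0.310 with no other hotfixes present, a PostInstall mismatch on a server that had other hotfixes is the expected signal that this package was not the right remediation for that host.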
Best Practice:
Avoid joining backup servers to a domain when possible. Refer to the Veeam Backup & Replication Security Best Practice Guide for more details.