Veeam has patched a critical security flaw (CVE-2025-23114, CVSS 9.0) in its Backup software that allows remote code execution through a Man-in-the-Middle (MitM) attack. The issue resides in the Veeam Updater component, enabling attackers to execute arbitrary code with root-level privileges on affected systems.
Affected Versions
The vulnerability impacts the following products and versions:
- Veeam Backup for Salesforce – 3.1 and older
- Veeam Backup for Nutanix AHV – 5.0, 5.1 (fixed in version 6)
- Veeam Backup for AWS – 6a, 7 (fixed in version 8)
- Veeam Backup for Microsoft Azure – 5a, 6 (fixed in version 7)
- Veeam Backup for Google Cloud – 4, 5 (fixed in version 6)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization – 3, 4.0, 4.1 (fixed in version 5)
Patched Versions
The vulnerability has been addressed in the following Veeam Updater component versions:
- Salesforce – 7.9.0.1124
- Nutanix AHV – 9.0.0.1125
- AWS – 9.0.0.1126
- Microsoft Azure – 9.0.0.1128
- Google Cloud – 9.0.0.1128
- Oracle Linux VM / Red Hat Virtualization – 9.0.0.1127
Impact and Mitigation
Attackers can exploit this flaw to intercept update requests and inject malicious payloads, potentially gaining complete control over affected servers. Deployments that do not include AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization are not affected.
Veeam recommends updating to the latest patched versions immediately to mitigate the risk.
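As a practical check that is not part of the advisory above, the following Python script (added here, not Veeam's own tooling) compares an installed Veeam Updater component version against the fixed builds listed under "Patched Versions" and flags hosts that still need the update. It assumes that any Updater build numerically below the listed fixed build is unpatched, that version strings are plain dotted integers, and that the product keys (`aws`, `azure`, ...) are the script's own labels rather than Veeam identifiers; the inventory rows are constructed sample data.

```python
from typing import Dict, List, Tuple

# First fixed Veeam Updater component version per product, as listed in the
# advisory. The dictionary keys are this script's own short labels, not
# Veeam product identifiers (assumption).
PATCHED_UPDATER_VERSIONS: Dict[str, str] = {
    "salesforce": "7.9.0.1124",
    "nutanix_ahv": "9.0.0.1125",
    "aws": "9.0.0.1126",
    "azure": "9.0.0.1128",
    "google_cloud": "9.0.0.1128",
    "olvm_rhv": "9.0.0.1127",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert '9.0.0.1128' into (9, 0, 0, 1128) so comparison is numeric.

    Comparing the raw strings would be lexicographic and would wrongly rank
    '9.0.0.999' above '9.0.0.1128'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, updater_version: str) -> bool:
    """True when the installed Updater build is at or above the fixed build.

    Assumption: every build below the fixed one is treated as unpatched.
    """
    try:
        fixed = PATCHED_UPDATER_VERSIONS[product]
    except KeyError:
        known = ", ".join(sorted(PATCHED_UPDATER_VERSIONS))
        raise ValueError(f"unknown product {product!r}; known products: {known}")
    installed_t = parse_version(updater_version)
    fixed_t = parse_version(fixed)
    # Pad the shorter tuple with zeros so '9.0.0' compares against '9.0.0.1128'
    # as (9, 0, 0, 0) rather than raising on length mismatch.
    width = max(len(installed_t), len(fixed_t))
    installed_t += (0,) * (width - len(installed_t))
    fixed_t += (0,) * (width - len(fixed_t))
    return installed_t >= fixed_t


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, status) rows for an inventory of
    (host, product, installed Updater version) triples."""
    results = []
    for host, product, version in inventory:
        status = "patched" if is_patched(product, version) else "VULNERABLE (CVE-2025-23114)"
        results.append((host, product, version, status))
    return results


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts or real builds.
    SAMPLE_INVENTORY = [
        ("bk-aws-01", "aws", "9.0.0.1126"),
        ("bk-aws-02", "aws", "9.0.0.1101"),
        ("bk-az-01", "azure", "9.0.0.1128"),
        ("bk-sf-01", "salesforce", "7.8.2.990"),
    ]
    for row in assess_inventory(SAMPLE_INVENTORY):
        print("{:<12} {:<12} {:<12} {}".format(*row))
```

Feed `assess_inventory` the Updater component version reported by each backup appliance (how that version is collected depends on the environment and is outside the script); a host is reported as patched only when its build is equal to or newer than the fixed build for its product, and an unknown product label raises rather than silently passing.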