A vulnerability, tracked as CVE-2025-23120, with a CVSS score of 9.9, has been discovered in Veeam Backup & Replication. This vulnerability can allow attackers to exploit the system and execute remote code on the Veeam Backup Server. Continue reading this Cybersecurity Threat Advisory to minimize your risks.
What is the threat?
CVE-2025-23120 is a critical remote code execution (RCE) vulnerability in Veeam Backup & Replication software affecting domain-joined installations. Authenticated domain users can exploit this flaw to execute arbitrary code on the Veeam Backup Server.
Why is it noteworthy?
The flaw allows authenticated domain users to gain unauthorized access to backup data, disrupt recovery processes, and compromise business continuity. Prompt patching and enhanced security measures are essential to mitigate the risk.
What is the exposure or risk?
The exposure and risk are substantial. The flaw enables authenticated domain users to execute arbitrary code on the Veeam Backup Server, leading to unauthorized access to sensitive backup data and disruption of recovery processes. Additionally, ransomware gangs are targeting Veeam servers, exploiting this flaw to steal data and to prevent restoration efforts by deleting backups.
What are the recommendations?
Barracuda recommends the following actions to mitigate risk:
- Upgrade to Veeam Backup & Replication version 12.3.1.1139 to mitigate this vulnerability.
- Deploy Veeam components in a management domain within a separate Active Directory Forest and protect administrative accounts with two-factor authentication, ensuring the Veeam Availability Infrastructure is independent of the environment it protects.
- Regularly review and update access controls for Veeam Backup & Replication.
- Monitor decommissioned domain user accounts and disable them properly to prevent unauthorized access.
- Develop an incident response plan with procedures for identifying, containing, and remediating exploitation attempts on Veeam Backup & Replication, and train all relevant personnel for security incidents.
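As an added example (not part of this advisory, and not Veeam's or Barracuda's own tooling), the following PowerShell check reports whether a server is domain-joined and which Veeam Backup & Replication build it carries, compared against the fixed release 12.3.1.1139 named above. It assumes the product is registered under the standard Windows Uninstall registry keys with a DisplayName beginning "Veeam Backup & Replication" and a dotted DisplayVersion; those are assumptions, not facts from the advisory.

```powershell
# Added example: inventory check for CVE-2025-23120 exposure on this host.
# Run in an elevated PowerShell session on the suspected backup server.

$FixedVersion = [version]'12.3.1.1139'   # fixed release named in the advisory

# CVE-2025-23120 affects domain-joined installations, so record that first.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

# Assumption: the installer registers under the standard Uninstall keys with a
# DisplayName starting "Veeam Backup & Replication" and a dotted DisplayVersion.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entries = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' -and $_.DisplayVersion }

if (-not $entries) {
    Write-Output "No Veeam Backup & Replication entry found. DomainJoined=$domainJoined"
    return
}

# One result row per matching product/component so nothing is silently skipped.
$results = foreach ($e in $entries) {
    $installed = [version]$e.DisplayVersion
    [pscustomobject]@{
        Product      = $e.DisplayName
        Installed    = $installed
        Fixed        = $FixedVersion
        DomainJoined = $domainJoined
        NeedsUpgrade = ($installed -lt $FixedVersion)
    }
}
$results | Format-Table -AutoSize

# Flag the combination the advisory describes: domain-joined and below the fix.
if ($domainJoined -and ($results | Where-Object NeedsUpgrade)) {
    Write-Warning 'Domain-joined server on a build below 12.3.1.1139: upgrade per the advisory.'
}
```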
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/veeam-rce-bug-lets-domain-users-hack-backup-servers-patch-now/
- https://nvd.nist.gov/vuln/detail/CVE-2025-23120
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.