
Veeam Patches Critical Vulnerability CVE-2025-23120 in Backup & Replication Software

Veeam has issued critical security patches to address a severe vulnerability in its Backup & Replication software. Learn more about the impact and remediation steps.


TL;DR

Veeam has released security patches for a critical vulnerability (CVE-2025-23120) in its Backup & Replication software that could allow remote code execution. All users are urged to update to version 12.3.1 to mitigate risks.

Veeam Addresses Critical Vulnerability in Backup & Replication Software

Veeam has addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of 9.9), in its Backup & Replication software. This flaw could lead to remote code execution, posing significant risks to users. The vulnerability affects versions 12.3.0.310 and all earlier builds of version 12. Veeam has released a patch in version 12.3.1 (build 12.3.1.1139) to resolve this issue.[1]
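The advisory gives two concrete numbers a defender needs: the last affected build (12.3.0.310, plus every earlier 12.x build) and the fixed build (12.3.1.1139). The following script is an added example, not code from Veeam or from this post, that turns those numbers into a triage of an asset inventory. The hostnames and the builds in the sample inventory are constructed for the example; the only real values are the two builds quoted from the advisory.

```python
"""Triage an inventory of Veeam Backup & Replication builds against CVE-2025-23120."""
from typing import Dict, List, Tuple

# Build that ships the fix, as stated in the Veeam advisory cited in the post.
FIXED_BUILD: Tuple[int, ...] = (12, 3, 1, 1139)
# The advisory text only covers the 12.x line; other major versions are out of scope here.
AFFECTED_MAJOR = 12


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn '12.3.0.310' into (12, 3, 0, 310).

    A shorter string such as '12.3.1' is padded with zeros, so it compares as
    older than the full fixed build. That is deliberately conservative: an
    inventory that records only three components cannot prove the fix is in.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def assess(version: str) -> str:
    """Classify one build as 'vulnerable', 'patched' or 'out-of-scope'."""
    build = parse_build(version)
    if build[0] != AFFECTED_MAJOR:
        return "out-of-scope"  # the advisory says nothing about other major lines
    if build >= FIXED_BUILD:
        return "patched"
    return "vulnerable"  # 12.3.0.310 and every earlier 12.x build


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status; the 'vulnerable' list is the patch queue."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "out-of-scope": []}
    for host, version in sorted(inventory.items()):
        groups[assess(version)].append(host)
    return groups


# Constructed sample inventory: hostnames and the non-advisory builds are made up.
SAMPLE_INVENTORY = {
    "vbr-prod-01": "12.3.0.310",   # last affected build named in the advisory
    "vbr-prod-02": "12.3.1.1139",  # fixed build from the advisory
    "vbr-lab-01": "12.0.0.1",      # constructed older 12.x build
    "vbr-legacy": "11.0.0.1",      # constructed non-12.x build, not covered here
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13s} {', '.join(hosts) or '-'}")
```

The comparison is tuple-based so that build 12.3.0.310 sorts below 12.3.1.1139 numerically rather than lexically; a string comparison would get "12.3.0.310" versus "12.3.1.1139" right but fail on builds with different digit counts.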

Vulnerability Details

The vulnerability, reported by security researcher Piotr Bazydlo of watchTowr, stems from a flawed deserialization handling mechanism in Veeam’s software. The mechanism relies on a blocklist of known-dangerous types, so an attacker can bypass it with deserialization gadgets missing from that list and achieve remote code execution. According to watchTowr, any local user on the Veeam server, or any domain user if the server is domain-joined, can exploit this vulnerability.[2]

Patch and Mitigation

Veeam’s patch for this vulnerability blocks the identified gadgets, but the risk remains if new deserialization gadgets are discovered. watchTowr notes that due to the extensive codebase of Veeam, it is likely that other researchers may find additional deserialization gadgets. Given the critical nature of the software and its history of being targeted by ransomware gangs, this poses a significant concern.[2]
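The structural weakness described in the two sections above (a blocklist that must be extended every time a new gadget is found) is independent of the language or framework. Veeam is a .NET product and this post has no Veeam code; the following is an added example in Python, using the standard `pickle` module as a stand-in, that contrasts a blocklist unpickler with an allowlist unpickler. The `BackupJob` class, the denied and allowed sets, and the sample payloads are all constructed for the example and do not correspond to anything in the advisory. No gadget chain is built: the point is only that a type absent from the blocklist sails through, while the allowlist rejects every type it was not told about.

```python
"""Blocklist versus allowlist deserialization, illustrated with Python pickle."""
import io
import pickle
from collections import OrderedDict
from dataclasses import dataclass
from typing import Any, Set, Tuple


@dataclass
class BackupJob:
    """Constructed example type that the application legitimately deserializes."""
    name: str
    retention_days: int


# Blocklist approach: enumerate types known to be dangerous (constructed, incomplete by nature).
DENIED_GLOBALS: Set[Tuple[str, str]] = {("os", "system"), ("subprocess", "Popen")}

# Allowlist approach: enumerate the only types the application actually needs.
ALLOWED_GLOBALS: Set[Tuple[str, str]] = {(BackupJob.__module__, BackupJob.__qualname__)}


class BlocklistUnpickler(pickle.Unpickler):
    """Rejects only what is on the deny list; anything unlisted resolves normally."""

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in DENIED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked type {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Resolves only what is on the allow list; a newly discovered type changes nothing."""

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def classify(data: bytes, unpickler_cls: type) -> str:
    """Return 'accepted' or 'rejected' for a payload under the given unpickler policy."""
    try:
        unpickler_cls(io.BytesIO(data)).load()
        return "accepted"
    except pickle.UnpicklingError:
        return "rejected"


def load_job(data: bytes) -> BackupJob:
    """The hardened entry point: allowlist only, and the result must be a BackupJob."""
    obj = AllowlistUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, BackupJob):
        raise pickle.UnpicklingError(f"unexpected top-level type {type(obj).__name__}")
    return obj


# Constructed payloads: one legitimate object and one harmless type that is simply
# not on either list. It stands in for "a gadget nobody has enumerated yet".
LEGIT_PAYLOAD = pickle.dumps(BackupJob("nightly-sql", 30))
UNLISTED_PAYLOAD = pickle.dumps(OrderedDict(a=1))

if __name__ == "__main__":
    for label, payload in (("legitimate", LEGIT_PAYLOAD), ("unlisted type", UNLISTED_PAYLOAD)):
        print(f"{label:14s} blocklist={classify(payload, BlocklistUnpickler):9s} "
              f"allowlist={classify(payload, AllowlistUnpickler)}")
```

The blocklist accepts the unlisted type because `DENIED_GLOBALS` says nothing about it, which is exactly the "new gadget" situation the post describes; the allowlist rejects it without anyone having to know it exists. The same shape applies to .NET, where the equivalent control is a `SerializationBinder` that returns a type only for an explicit allow list.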

Expert Insights

Piotr Bazydlo credited his colleague Sina for insisting on examining Veeam’s deserialization mechanism and providing the necessary knowledge for exploitation. This collaboration was crucial in discovering the vulnerability.[2]

Conclusion

The critical vulnerability in Veeam’s Backup & Replication software underscores the importance of timely security patches and vigilant monitoring. Users are strongly advised to update to the latest version to protect against potential exploits. The cybersecurity community continues to watch for further developments as the risk of new deserialization gadgets being discovered remains high.

Additional Resources

For further insights, check:

References

  1. Veeam (2025). “Veeam Security Advisory”. Veeam. Retrieved 2025-03-20.

  2. watchTowr (2025). “By Executive Order, We Are Banning Blacklists: Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)”. watchTowr. Retrieved 2025-03-20.

This post is licensed under CC BY 4.0 by the author.