Veeam rushes out fix for critical backup flaw
Veeam has issued updates for Backup & Replication after researchers from CODE WHITE and watchTowr disclosed CVE-2025-23121, a remote-code-execution bug scored 9.9/10.0 on the CVSS scale. The flaw affects every Version 12 build up to 12.3.1.1139 and lets an authenticated Windows domain user run arbitrary code on the backup server. The patch arrives in Version 12.3.2 (build 12.3.2.3617). At the same time, Veeam fixed two related issues: CVE-2025-24286 (role-based abuse inside Backup & Replication, CVSS 7.2) and CVE-2025-24287 (local-privilege escalation in Veeam Agent for Windows, CVSS 6.1, fixed in 6.3.2.1205). Rapid7 notes the update also closes a potential bypass of last quarter’s CVE-2025-23120 fix and reminds customers that more than 20 percent of its 2024 incident-response cases involved Veeam products. Immediate patching is urged.
Veeam has shipped a security update to crush CVE-2025-23121, a near-maximum-severity vulnerability (CVSS 9.9) in its Backup & Replication platform. The bug means a logged-in domain user could hijack the backup server and run code of their choice, putting precious recovery data at risk.
Who is affected?
All Version 12 builds up to 12.3.1.1139 are exposed. The safe release is 12.3.2 (build 12.3.2.3617), available now on Veeam’s support portal.
More than one hole plugged
Veeam’s June patch cycle also sweeps up:
CVE-2025-24286 – allows a user with the Backup Operator role to alter jobs and trigger code execution (CVSS 7.2).
CVE-2025-24287 – lets local Windows users escalate privileges via the Veeam Agent (CVSS 6.1); fixed in 6.3.2.1205.
Rapid7 believes the 12.3.2 update likewise blocks work-arounds to February’s CVE-2025-23120 patch, underscoring how determined attackers are to weaponise flaws in Veeam products.
Why speed matters
Backup platforms are prime ransomware targets; Rapid7 says one in five of its 2024 incident cases featured Veeam exploitation. Delay patching and you could hand criminals the keys to your recovery vault.
What to do now
Update Backup & Replication to 12.3.2.
Patch Veeam Agent for Windows to 6.3.2.1205.
Audit domain accounts with backup access and enable MFA.
Monitor logs for unusual backup-job changes or privilege escalation attempts.
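To make the first two steps auditable rather than a one-off look at Help > About, the following added example (not Veeam’s or Rapid7’s code) compares build strings from an inventory export against the fixed builds named above, 12.3.2.3617 for Backup & Replication and 6.3.2.1205 for Veeam Agent for Windows. The inventory rows, host names and non-advisory build strings are constructed for illustration; the script flags a major version the advisory does not cover (such as a v11 server) as REVIEW rather than silently passing it, and treats a truncated build string conservatively.

```python
"""Patch-status check against the builds named in the Veeam advisory (added example)."""
from typing import Iterable

# Fixed builds exactly as stated in the advisory above.
FIXED_BUILDS = {
    "Backup & Replication": (12, 3, 2, 3617),    # CVE-2025-23121 / CVE-2025-24286
    "Veeam Agent for Windows": (6, 3, 2, 1205),  # CVE-2025-24287
}


def parse_build(build: str) -> tuple[int, ...]:
    """Turn '12.3.1.1139' into (12, 3, 1, 1139).

    A malformed entry (e.g. '6.3.x' from a hand-edited CMDB) raises instead of
    being compared, so it shows up in the report as an error, not as PATCHED.
    """
    parts = build.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed build string: {build!r}")
    return tuple(int(p) for p in parts)


def patch_status(product: str, build: str) -> str:
    """Return PATCHED, UNPATCHED or REVIEW for one installed product/build."""
    fixed = FIXED_BUILDS.get(product)
    if fixed is None:
        return "REVIEW"  # product not covered by this advisory
    installed = parse_build(build)
    if installed[0] != fixed[0]:
        return "REVIEW"  # other major version line; the advisory is silent on it
    # Pad a short string such as '12.3' with zeros so tuple comparison is
    # well-defined; padding downward means a truncated build is flagged, not passed.
    padded = installed + (0,) * (len(fixed) - len(installed))
    return "PATCHED" if padded >= fixed else "UNPATCHED"


def report(inventory: Iterable[dict]) -> list[dict]:
    """Annotate every inventory row with its status; never abort on one bad row."""
    rows = []
    for host in inventory:
        try:
            state = patch_status(host["product"], host["build"])
        except ValueError as exc:
            state = f"ERROR: {exc}"
        rows.append({**host, "status": state})
    return rows


# Constructed sample inventory; hosts and the non-advisory build numbers are made up.
SAMPLE_INVENTORY = [
    {"host": "vbr-01", "product": "Backup & Replication", "build": "12.3.1.1139"},
    {"host": "vbr-02", "product": "Backup & Replication", "build": "12.3.2.3617"},
    {"host": "vbr-03", "product": "Backup & Replication", "build": "11.0.0.1"},
    {"host": "ws-07", "product": "Veeam Agent for Windows", "build": "6.3.0.1"},
    {"host": "ws-08", "product": "Veeam Agent for Windows", "build": "6.3.2.1205"},
    {"host": "ws-09", "product": "Veeam Agent for Windows", "build": "6.3.x"},
]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY):
        print(f"{row['host']:8} {row['product']:24} {row['build']:12} {row['status']}")
```

Feed it the product and build columns from whatever your asset system exports; anything other than PATCHED is a ticket, and REVIEW rows need a human to confirm the product line is in scope.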
Stay current to keep your last line of defence—your backups—safe from compromise.