- Veeam has published a patch for a 9.9/10 severity flaw that can lead to RCE
- It was found in Veeam Backup & Replication
- The bug is only exploitable on domain-joined installations
Veeam has released a fix for a recently discovered critical vulnerability in its backup and replication software.
The vulnerability, tracked as CVE-2025-23120, is described as a deserialization flaw that allows authenticated domain users to perform remote code execution (RCE) attacks. It received a 9.9/10 (critical) severity score and affects Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.
It was fixed in version 12.3.1 (build 12.3.1.1139).
Black lists and white lists
The bug was discovered by cybersecurity researchers at watchTowr Labs, who criticized Veeam for the way it handled the deserialization issues:
“It seems that Veeam, despite being the favourite plaything of ransomware gangs, did not learn from the lesson given by Frycos in the previously published research. You guessed it: they resolved the deserialization issues by adding entries to their deserialization blacklist,” the researchers explained.
Adding entries to a deserialization blacklist does not work, watchTowr said, because attackers can always find new gadget chains, so developers end up perpetually reacting to attacker behaviour. Instead, it suggests Veeam should adopt a whitelist approach, in which only the types the application actually expects may be deserialized.
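To make the blacklist-versus-whitelist point concrete, here is an added example; it is not Veeam's code and not part of watchTowr's research. Veeam Backup & Replication is a .NET product, so its real filter is a .NET type gate; Python's pickle is used as a stand-in because the failure mode is identical: the deserializer resolves a type or callable named in the untrusted stream and invokes it. The payloads, the "known" gadget (builtins.eval), the "novel" gadget (subprocess.check_output) and the benign backup-job record are all constructed for this illustration.

```python
"""Blocklist vs. allowlist deserialization filters (added illustration,
not Veeam code). Python's pickle stands in for the .NET deserializer."""
import datetime
import io
import pickle
import subprocess
import sys


def gadget_payload(target, *args):
    """Serialize an object whose deserialization calls target(*args).

    This is the generic shape of a deserialization gadget: the stream names a
    callable, and the deserializer resolves and invokes it with attacker data.
    """
    class Gadget:
        def __reduce__(self):
            return (target, args)
    return pickle.dumps(Gadget())


# Constructed sample inputs.
BENIGN = pickle.dumps({"job": "nightly", "scheduled": datetime.date(2025, 3, 20)})
# Gadget every blocklist author knows about: builtins.eval.
KNOWN_GADGET = gadget_payload(eval, "__import__('os').system('id')")
# Gadget through a callable the blocklist author never thought of.
NOVEL_GADGET = gadget_payload(subprocess.check_output,
                              [sys.executable, "-c", "print('pwned')"])


class BlocklistUnpickler(pickle.Unpickler):
    """The approach the article criticizes: deny known-bad names, allow the rest."""

    BLOCKED = {("builtins", "eval"), ("builtins", "exec"),
               # os.system is recorded under the module that really defines it
               ("os", "system"), ("posix", "system"), ("nt", "system")}

    def find_class(self, module, name):
        if (module, name) in self.BLOCKED:
            raise pickle.UnpicklingError(f"blocked: {module}.{name}")
        return super().find_class(module, name)  # everything else resolves


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve only the types the application expects; never import by name."""

    ALLOWED = {("datetime", "date"): datetime.date}

    def find_class(self, module, name):
        try:
            return self.ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"not allowed: {module}.{name}") from None


def try_load(unpickler_cls, data):
    """Return ('loaded', value) or ('rejected', reason)."""
    try:
        return "loaded", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


def compare():
    """Run every payload through both filters; the novel gadget executes
    under the blocklist (the load result is the spawned command's output)."""
    payloads = {"benign": BENIGN, "known": KNOWN_GADGET, "novel": NOVEL_GADGET}
    return {filt.__name__: {label: try_load(filt, data)
                            for label, data in payloads.items()}
            for filt in (BlocklistUnpickler, AllowlistUnpickler)}


if __name__ == "__main__":
    for filt, outcomes in compare().items():
        for label, (status, value) in outcomes.items():
            print(f"{filt:20} {label:7} {status:9} {value!r:.60}")
```

The blocklist stops the eval gadget but hands the subprocess gadget straight to the interpreter, which is the reactive loop watchTowr describes; the allowlist rejects both without knowing anything about either, because it only ever returns objects from its own table and never imports a name supplied by the stream.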
Despite its critical severity, the bug is not trivial to exploit, because it has no impact on Veeam Backup & Replication installations that are not joined to a domain.
On the other hand, any domain user can exploit it. BleepingComputer reports that “many companies” have joined their Veeam server to a Windows domain, “ignoring the company's best practices”.
The same publication says ransomware gangs have told it that they always target Veeam Backup & Replication servers, because they are an easy way into archives of sensitive information and let the attackers block backup and restore efforts.
At press time there were no reports of in-the-wild exploitation, but it is prudent to assume there will be, and soon, now that the cat is out of the bag.
If your business uses Veeam Backup & Replication, make sure you upgrade to version 12.3.1 as soon as you can, and check whether the server really needs to be domain-joined at all.
Via BleepingComputer