This vulnerability is a critical Remote Code Execution (RCE) flaw in Veeam Backup & Replication, rated 9.9 out of 10 on the CVSS v3 scale. It allows an authenticated domain user to execute arbitrary code on a backup server.
Security researchers from CODE WHITE GmbH and watchTowr are credited with identifying and reporting this flaw. They also noted that it bypassed a previous patch (CVE-2025-23120), underscoring its severity.
First reported in June 2025, the flaw affects all Veeam Backup & Replication version 12 builds — including 12.3.1.1139 — running on domain‑joined Windows environments. Unpatched systems remain at risk until updated to version 12.3.2 (build 12.3.2.3617).
Successful exploitation can lead to arbitrary code execution on the backup server, potentially allowing an attacker to hijack backups or deploy malware.
To secure your environment, upgrade immediately to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617).