Critical Flaw in Veeam Backup Software Allows Code Execution

2025-02-08

Need some ammo against AWS, Google Cloud, or Microsoft Azure? Have a customer or prospect that uses these platforms? This article is for you!

A critical vulnerability in Veeam's Backup software, affecting several cloud platforms including AWS, Google Cloud, and Microsoft Azure, allows for arbitrary code execution via a man-in-the-middle attack. Veeam has released patches to address this issue, emphasizing that deployments not involving certain cloud environments remain unaffected.

Key Facts

Risks:

Patch Management, Cloud Service Provider Flaw

Keywords:

Veeam, Backup, Vulnerability, Code Execution, Cloud Platforms, Patches

CVE:

CVE-2025-23114

Affected:

Veeam Backup for Salesforce, Veeam Backup for Nutanix AHV, Veeam Backup for AWS, Veeam Backup for Microsoft Azure, Veeam Backup for Google Cloud, Veeam Backup for Oracle Linux Virtualization Manager, Veeam Backup for Red Hat Virtualization

Article Body

Critical Vulnerability in Veeam Backup Software

Veeam has identified a critical security flaw in its Backup software, which could lead to arbitrary code execution on vulnerable systems. This flaw is particularly concerning because it can be exploited through a man-in-the-middle attack, a method where an attacker intercepts and potentially alters communications between two parties without their knowledge.

Impacted Products

The vulnerability affects a range of Veeam products used for backing up various cloud platforms. These include:

Veeam Backup for Salesforce
Veeam Backup for Nutanix AHV
Veeam Backup for AWS
Veeam Backup for Microsoft Azure
Veeam Backup for Google Cloud
Veeam Backup for Oracle Linux Virtualization Manager
Veeam Backup for Red Hat Virtualization

Severity and Risk

With a CVSS score of 9.0 out of 10.0, this vulnerability is classified as critical. The high score reflects the significant risk it poses if left unpatched, as it could allow attackers to execute arbitrary code, potentially leading to data breaches or system compromises.

Mitigation and Recommendations

Veeam has released patches to address this vulnerability. Organizations using the affected Veeam Backup products are strongly advised to apply these patches promptly to mitigate the risk. Notably, if a Veeam Backup & Replication deployment is not protecting specific environments such as AWS, Google Cloud, or Microsoft Azure, it may not be affected by this vulnerability.

https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html?m=1