Critical Veeam Backup Vulnerability Allows Remote Code Execution
🔄 Critical Veeam vulnerability exposes systems to man-in-the-middle attacks. A severe vulnerability (CVE-2025-23114, CVSS 9.0) has been identified in the Veeam Updater component, which affects various Veeam backup products, including Veeam Backup for Salesforce and Veeam Backup for AWS. An attacker in a man-in-the-middle position can intercept and alter update requests, potentially gaining root-level access to affected servers. Veeam has released updates to address this vulnerability, and users are strongly advised to update their systems immediately to mitigate the risk of data theft or ransomware attacks. Those running Veeam Backup & Replication 12.3 and updated appliances are likely not affected but should verify their Updater version to be safe.
