Oct 17

Veeam Software Vulnerabilities – Remediation Now Available

Veeam has released a new security advisory addressing three vulnerabilities in its software suite, including two critical flaws rated with a CVSS score of 9.9.

Veeam Vulnerabilities



Scope of Impact:

These vulnerabilities affect only servers joined to a domain. Notably, the new Veeam appliances and the upcoming version 13 are architecturally immune to these issues.

Affected Products:

  • Vendor: Veeam
  • Products: Veeam Backup & Replication, Veeam Agent for Microsoft Windows
  • KB: 4771

Vulnerability Details:

  • CVE-2025-48983 – CVSS 9.9: Remote Code Execution (RCE) via the Mount Service
  • CVE-2025-48984 – CVSS 9.9: Remote Code Execution (RCE) via the Backup Server
  • CVE-2025-48982 – CVSS 7.3: Local Privilege Escalation during restoration of malicious files

Description:

Two critical vulnerabilities have been identified in Veeam Backup & Replication v12, and one high-severity flaw in Veeam Agent for Microsoft Windows:

  • CVE-2025-48983: A flaw in the Mount Service allows an authenticated domain user to execute arbitrary code remotely on backup hosts.
  • CVE-2025-48984: A similar vulnerability enables remote code execution on the Veeam Backup server.
  • CVE-2025-48982: Local privilege escalation is possible when an administrator restores a malicious file using Veeam Agent for Windows.

Affected Versions:

  • Veeam Backup & Replication: Versions ≤ 12.3.2.3617 and all versions ≤ 12
  • Veeam Agent for Windows: Versions ≤ 6.3.2.1205 and all versions < 6

Remediation Steps:

To secure your infrastructure, update to the following versions:

  • Veeam Backup & Replication: Upgrade to version 12.3.2.4165 or later
  • Veeam Agent for Windows: Upgrade to version 6.3.2.1302 or later

Keeping your backup infrastructure secure is critical to maintaining business continuity. If your systems are running affected versions, prioritize these updates immediately.

 

Veeam Software Appliance – A Linux-First leap toward secure simplified Backup Infrastructure: Blog Post
Veeam Virtual Appliance Step by Step Guide Installation: Here
VeeamON 2025 Recap: Here
v12.1 release – Veeam Data Platform: Blog Post
Veeam v12.1 – Integration with SIEM Systems : Blog Post
Veeam v12.1 – Object Storage as backup target: Blog Post
Veeam v12.1 KMS Support: Blog Post
Veeam v12.1 Malware Detection and YARA: Blog Post

 
 
 

Please follow and like us:
fb-share-icon
Tweet

Christopher GLEMOT

CTO | Technical specialist around Data Management, Security, Cyber Security, Cyber Resilience, Backup, Disaster Recovery, Multi-Cloud, and Storage | Veeam Vanguard | Varonis Elite | Owner of original-network.com

Advertisement
error

Enjoy this blog? Please spread the word :)