Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions.
This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions.
The vulnerability has been assigned a severity score of 9.0, underscoring its significant risk.
Overview of the Veeam Backup Vulnerability
The vulnerability exists due to insecure communication channels used by the Veeam Updater component when transmitting sensitive data.
Exploiting this flaw allows attackers positioned between the vulnerable appliance and its update server to intercept and interfere with update requests.
This issue impacts various Veeam products, including:
Veeam has released updates addressing CVE-2025-23114 by patching the affected Veeam Updater component in newer versions of its software.
Automatic updates are enabled by default for all actively supported backup appliances, ensuring that most users will receive the fix without manual intervention.
The following updated versions of the Veeam Updater component resolve the vulnerability:
Product Fixed Updater Version Veeam Backup for Salesforce7.9.0.1124Veeam Backup for Nutanix AHV9.0.0.1125Veeam Backup for AWS9.0.0.1126Veeam Backup for Microsoft Azure9.0.0.1128Veeam Backup for Google Cloud9.0.0.1128Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization9.0.0.1127
Organizations using older versions of affected products are at heightened risk if updates are not promptly applied. However, deployments running Veeam Backup & Replication version 12.3 with updated appliances are unaffected.
Mitigation Steps
To protect against this critical vulnerability:
This highlights the importance of maintaining up-to-date software in critical infrastructure systems like backup solutions.
Administrators should ensure their systems are patched promptly while implementing additional security measures such as network monitoring and isolating backup appliances from external access wherever possible.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access
Author: KaaviyaA critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions.
This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions.
The vulnerability has been assigned a severity score of 9.0, underscoring its significant risk.
Overview of the Veeam Backup Vulnerability
The vulnerability exists due to insecure communication channels used by the Veeam Updater component when transmitting sensitive data.
Exploiting this flaw allows attackers positioned between the vulnerable appliance and its update server to intercept and interfere with update requests.
This issue impacts various Veeam products, including:
- Veeam Backup for Salesforce (versions 3.1 and older)
- Veeam Backup for Nutanix AHV (versions 5.0 and 5.1)
- Veeam Backup for AWS (versions 6a and 7)
- Veeam Backup for Microsoft Azure (versions 5a and 6)
- Veeam Backup for Google Cloud (versions 4 and 5)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (versions 3, 4.0, and 4.1)
Veeam has released updates addressing CVE-2025-23114 by patching the affected Veeam Updater component in newer versions of its software.
Automatic updates are enabled by default for all actively supported backup appliances, ensuring that most users will receive the fix without manual intervention.
The following updated versions of the Veeam Updater component resolve the vulnerability:
Product Fixed Updater Version Veeam Backup for Salesforce7.9.0.1124Veeam Backup for Nutanix AHV9.0.0.1125Veeam Backup for AWS9.0.0.1126Veeam Backup for Microsoft Azure9.0.0.1128Veeam Backup for Google Cloud9.0.0.1128Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization9.0.0.1127
Organizations using older versions of affected products are at heightened risk if updates are not promptly applied. However, deployments running Veeam Backup & Replication version 12.3 with updated appliances are unaffected.
Mitigation Steps
To protect against this critical vulnerability:
- Use the built-in Veeam Updater tool to ensure your appliance is running the fixed version.
- Check the version of your Veeam Updater component by navigating to the update history or reviewing logs in /veeam/veeam-updater/updater.log.
- Ensure that all backup appliances are updated to the latest unaffected versions
This highlights the importance of maintaining up-to-date software in critical infrastructure systems like backup solutions.
Administrators should ensure their systems are patched promptly while implementing additional security measures such as network monitoring and isolating backup appliances from external access wherever possible.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
