Primary

Context

Veeam Backup & Replication Remote Code Execution Vulnerability in Mount Service

Vulnerability

Patched

A remote code execution vulnerability has been identified in the Mount service of Veeam Backup & Replication. This issue affects backup infrastructure hosts running Veeam Backup & Replication versions 12.1, 12.2, 12.3, and 12.3.1, as well as 12.3.2.3617, but not the Veeam Software Appliance or the upcoming Veeam Backup & Replication v13 for Windows. The vulnerability can be exploited by an authenticated domain user on domain-joined backup infrastructure servers.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected backup infrastructure hosts.

Remediation

Users can upgrade to Veeam Backup & Replication 12.3.2.4165 Patch to address this vulnerability.

Added: Oct 31, 2025, 12:31 AM

Updated: Oct 31, 2025, 12:31 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Veeam Backup & Replication Remote Code Execution Vulnerability in Mount Service

Vulnerability

Impact

Remediation

Affected Products

Veeam Backup & Replication

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating