Primary

Context

Veeam Backup and Replication Remote Code Execution Vulnerability for Domain Users

Vulnerability

Patched

A remote code execution vulnerability has been identified in Veeam Backup & Replication versions 12.3.2.3617 and earlier. This vulnerability affects backup servers that are joined to a domain. The issue allows an authenticated domain user to execute arbitrary code on the backup server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected backup server.

Remediation

This vulnerability has been fixed in Veeam Backup & Replication version 12.3.2.4165 Patch.

Added: Oct 31, 2025, 12:30 AM

Updated: Oct 31, 2025, 12:30 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Veeam Backup and Replication Remote Code Execution Vulnerability for Domain Users

Vulnerability

Impact

Remediation

Affected Products

Veeam Backup & Replication

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating