{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-021.pdf"
    },
    "title": "Critical Vulnerability in Veeam Backup & Replication",
    "serial_number": "2025-021",
    "publish_date": "18-06-2025 13:57:56",
    "description": "On 17 June 2025, Veeam released an advisory addressing several vulnerabilities in Veeam Backup & Replication, one of which is rated as critical.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2025-021",
    "content_markdown": "---    \ntitle: 'Critical Vulnerability in\u00a0Veeam\u00a0Backup\u00a0&\u00a0Replication'\nnumber: '2025-021'\nversion: '1.0'\noriginal_date: '2025-06-17'\ndate: '2025-06-18'\n---\n\n_History:_\n\n* _18/06/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 17 June 2025, Veeam released an advisory addressing several vulnerabilities in Veeam Backup & Replication, one of which is rated as critical [1].\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-23121**, with a CVSS score of 9.9, is a flaw allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. This vulnerability only impacts domain-joined backup servers.\n\nThis vulnerability is reported to be a likely bypass of the fix, released in March 2025, that addressed the vulnerability **CVE-2025-23120** [2,3].\n\n# Affected Products\n\nThis vulnerability impacts Veeam Backup & Replication version 12 builds, including 12.3.1.1139; it is addressed in version 12.3.2 (build 12.3.2.3617).\n\nThe vendor notes that unsupported product versions are not tested, but are likely affected and should be considered vulnerable [1].\n\n# Recommendations\n\nIt is recommended to update as soon as possible and to implement the best practices provided by the vendor [4].\n\n# References\n\n[1] <https://www.veeam.com/kb4743>\n\n[2] <https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html>\n\n[3] <https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html>\n\n[4] <https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice>",
    "content_html": "<p><em>History:</em></p><ul><li><em>18/06/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 17 June 2025, Veeam released an advisory addressing several vulnerabilities in Veeam Backup &amp; Replication, one of which is rated as critical [1].</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-23121</strong>, with a CVSS score of 9.9, is a flaw allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. This vulnerability only impacts domain-joined backup servers.</p><p>This vulnerability is reported to be a likely bypass of the fix, released in March 2025, that addressed the vulnerability <strong>CVE-2025-23120</strong> [2,3].</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability impacts Veeam Backup &amp; Replication version 12 builds, including 12.3.1.1139; it is addressed in version 12.3.2 (build 12.3.2.3617).</p><p>The vendor notes that unsupported product versions are not tested, but are likely affected and should be considered vulnerable [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update as soon as possible and to implement the best practices provided by the vendor [4].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4743\">https://www.veeam.com/kb4743</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html\">https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html\">https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice\">https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}