Veeam and IBM Launch Patches for Critical Vulnerabilities in Backup and AIX Systems

Veeam Addresses Critical Vulnerability in Backup & Replication Software

Veeam has released security updates for its Backup & Replication software to fix a vulnerability that allows remote code execution. The flaw, tracked as CVE-2025-23120, is rated Critical with a CVSS score of 9.9 out of 10.0 and affects build 12.3.0.310 and all earlier builds of version 12.

According to Veeam’s advisory, the vulnerability lets authenticated domain users execute arbitrary code remotely. It was found by security researcher Piotr Bazydlo of watchTowr and is fixed in the newly released version 12.3.1 (build 12.3.1.1139).

The root cause of CVE-2025-23120 is an inconsistency in how Veeam filters deserialization. Veeam relies on a blocklist of known-dangerous types, but one class on its allowlist can, when deserialized, trigger an inner deserialization that is not subject to that blocklist. Bazydlo and Sina Kheirkhah showed that this inner step can instantiate deserialization gadgets the blocklist does not cover, and identified two such classes, Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary, that lead to remote code execution.

The practical exposure is broad: any member of the local Users group on the Windows host running the Veeam server can attempt exploitation, and on a domain-joined server that group includes every domain user.

Veeam’s patch adds the two gadget classes to the existing blocklist. That closes the reported path but not the underlying weakness: a blocklist can only cover gadgets that are already known, so any further deserialization gadget that is discovered would reopen the issue and require another patch.
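The pattern described above, as an added Python illustration that is neither Veeam’s code nor watchTowr’s exploit: pickle stands in for .NET serialization, `run_command` is a recording stand-in for a command-execution sink, `SummaryDoc` is a hypothetical permitted container type whose rehydration performs a second, unfiltered deserialization, and `JobRecord` is the one type the endpoint legitimately needs. All type names, payloads and the blocklist/allowlist contents are constructed for the example.

```python
"""Blocklist vs allowlist deserialization filters, modelled with Python pickle.

Constructed illustration of the pattern behind CVE-2025-23120, not Veeam's code:
an outer filter checks every type the payload names, but one permitted container
type rehydrates its own contents with a second, unfiltered deserialization.
"""
import importlib
import io
import pickle

MOD = __name__      # module the stand-in types live in (assumption: this file)
EXECUTED = []       # commands the simulated sink received; empty means no RCE


def run_command(cmd):
    """Stand-in for a command-execution sink: records the command instead of running it."""
    EXECUTED.append(cmd)
    return cmd


class JobRecord:
    """A legitimate DTO the endpoint is expected to receive."""
    def __init__(self, name, size):
        self.name = name
        self.size = size


class SummaryDoc:
    """Hypothetical container type on the permitted list. Its __setstate__
    deserializes an embedded blob with plain pickle.loads, so nothing inside
    that blob is ever shown to the outer filter (the 'inner deserialization')."""
    def __init__(self, blob):
        self.blob = blob

    def __setstate__(self, state):
        self.blob = state["blob"]
        self.payload = pickle.loads(self.blob)   # unfiltered second deserialization


class Gadget:
    """Object whose unpickling calls run_command(cmd) via __reduce__."""
    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        return (run_command, (self.cmd,))


class FilteredUnpickler(pickle.Unpickler):
    """Unpickler whose find_class enforces either a blocklist or an allowlist."""
    def __init__(self, data, blocklist=None, allowlist=None):
        super().__init__(io.BytesIO(data))
        self.blocklist = blocklist
        self.allowlist = allowlist

    def find_class(self, module, name):
        key = (module, name)
        if self.allowlist is not None and key not in self.allowlist:
            raise pickle.UnpicklingError(f"type not on allowlist: {module}.{name}")
        if self.blocklist is not None and key in self.blocklist:
            raise pickle.UnpicklingError(f"known gadget blocked: {module}.{name}")
        return getattr(importlib.import_module(module), name)


def load_with(data, **policy):
    """Deserialize under a policy; return (outcome, detail, commands_that_ran)."""
    EXECUTED.clear()
    try:
        obj = FilteredUnpickler(data, **policy).load()
        return ("loaded", type(obj).__name__, list(EXECUTED))
    except pickle.UnpicklingError as err:
        return ("rejected", str(err), list(EXECUTED))


# Constructed payloads: a legitimate object, a gadget referenced directly,
# and the same gadget hidden inside the permitted container type.
BENIGN = pickle.dumps(JobRecord("nightly-full", 4096))
DIRECT = pickle.dumps(Gadget("whoami"))
NESTED = pickle.dumps(SummaryDoc(pickle.dumps(Gadget("whoami"))))

# Blocklist: the gadgets known when the filter was written (the sink, in this model).
KNOWN_GADGETS = {(MOD, "run_command")}
# Allowlist: the closed set of types this endpoint legitimately needs.
EXPECTED_TYPES = {(MOD, "JobRecord")}

if __name__ == "__main__":
    for label, policy in [
        ("blocklist", {"blocklist": KNOWN_GADGETS}),
        ("blocklist+patch", {"blocklist": KNOWN_GADGETS | {(MOD, "SummaryDoc")}}),
        ("allowlist", {"allowlist": EXPECTED_TYPES}),
    ]:
        for name, data in [("benign", BENIGN), ("direct", DIRECT), ("nested", NESTED)]:
            print(f"{label:16} {name:7} -> {load_with(data, **policy)}")
```

Under the blocklist policy the direct payload is rejected, but the nested one loads and the sink records "whoami": the outer filter only ever saw `SummaryDoc`. Adding `SummaryDoc` to the blocklist, which is what a gadget-by-gadget patch does, closes that one path; the allowlist rejects every container the endpoint was never meant to receive, so the inner deserialization is never reached. Any type that does go on an allowlist must apply the same filter to its own inner deserialization, otherwise it becomes the next bypass.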

Separately, IBM has released updates for two critical vulnerabilities in its AIX operating system that could let an attacker execute commands on AIX 7.2 and 7.3. CVE-2024-56346 is an improper access control flaw in the nimesis NIM master service, and CVE-2024-56347 is a weakness in the SSL/TLS protection mechanism of the nimsh service.

No exploitation of these vulnerabilities has been reported so far, but given their severity, affected Veeam and AIX installations should be patched promptly.

For business owners and cybersecurity professionals, awareness of such vulnerabilities is crucial, as they represent significant risks to organizational security. The incidents involving Veeam and IBM underscore the importance of staying vigilant in the face of evolving cyber threats. Understanding the tactics and techniques outlined in the MITRE ATT&CK framework, such as initial access, privilege escalation, and execution, can further aid organizations in safeguarding their digital assets.
