Veeam Releases Patches for Critical RCE Vulnerability (CVE-2025-23121) Scoring 9.9 CVSS in Backup & Replication

Date: Jun 18, 2025
Category: Vulnerability / Data Protection

Veeam has issued patches to address a severe security vulnerability in its Backup & Replication software that permits remote code execution under specific circumstances. Identified as CVE-2025-23121, this flaw has a CVSS score of 9.9 out of 10. According to the company’s advisory, it allows remote code execution (RCE) on the Backup Server by an authenticated domain user. The vulnerability affects all earlier builds of version 12, including 12.3.1.1139, and has been remedied in version 12.3.2 (build 12.3.2.3617). The discovery and reporting of this vulnerability were credited to security researchers from CODE WHITE GmbH and watchTowr. Cybersecurity firm Rapid7 suggests that this update addresses concerns raised by CODE WHITE in March 2025 regarding the potential bypassing of a previous patch for a related vulnerability (CVE-2025-23120, also scored 9.9). Additionally, Veeam has resolved another issue within the same product.

Veeam Addresses Critical RCE Vulnerability in Backup & Replication Software

On June 18, 2025, Veeam Software announced the release of critical patches addressing a severe vulnerability identified as CVE-2025-23121 within its Backup & Replication platform. This flaw, rated at an alarming 9.9 on the Common Vulnerability Scoring System (CVSS), poses a significant risk as it enables remote code execution (RCE) under certain conditions, specifically involving authenticated domain users.

The vulnerability affects all prior builds of version 12, including the widely used build 12.3.1.1139. Veeam’s latest update, version 12.3.2 (build 12.3.2.3617), provides a direct response to this security shortcoming. The identification and reporting of CVE-2025-23121 have been credited to security researchers from CODE WHITE GmbH and watchTowr, who have underscored the importance of timely updates in mitigating exploit risks associated with such vulnerabilities.

This incident has raised concerns in the cybersecurity community, particularly among organizations relying on Veeam products. The recent patch follows closely on the heels of a similar vulnerability, CVE-2025-23120, also rated with a CVSS score of 9.9. Rapid7, a recognized cybersecurity firm, suggested that the update may address previously expressed concerns surrounding the adequacy of patches that were implemented to fix this earlier flaw, which posed a potential bypass risk.

Organizations heavily invested in data protection strategies must remain vigilant, as vulnerabilities of this nature not only threaten the integrity of backup systems but can also offer a pathway for broader network compromises. The ability for an authenticated user to exploit such a vulnerability is particularly troubling, as it allows for the potential escalation of privileges beyond intended access parameters.

From a risk management perspective, it is essential for businesses to adopt strategies that encompass continuous monitoring and regular patching. The tactics employed to exploit vulnerabilities like CVE-2025-23121 could involve initial access through compromised credentials, thereby allowing an attacker to establish persistence within the system. Additionally, techniques could encompass privilege escalation to leverage further access and exploit critical infrastructure.

As the cybersecurity landscape evolves, staying updated with the latest patches and understanding the implications of vulnerabilities is crucial for safeguarding essential business operations. The incident highlights the importance of proactive vulnerability management and the need for businesses to enhance their defenses against potential exploitation attempts resulting from software flaws in backup systems, which serve as the last line of defense against data loss.

In conclusion, as Veeam addresses this serious security issue, business leaders must acknowledge the heightened risks associated with data management tools and ensure robust security practices are in place. With an emphasis on swift remediation and continuous monitoring, organizations can better protect themselves against the growing array of cyber threats.

Source link

Related Posts

Are Neglected AD Service Accounts Putting Your Organization at Risk?

Date: June 17, 2025
Category: Password Security / Active Directory

In many organizations, Active Directory (AD) service accounts are often overlooked, quietly lingering long after their intended use has faded. These orphaned accounts—typically created for legacy applications, automated tasks, or testing—often remain active with non-expiring or outdated passwords. It’s no surprise that these service accounts frequently escape the routine scrutiny of security teams. Burdened by daily challenges and ongoing technical debts, security personnel often neglect these accounts, which are disconnected from individual users and seldom reviewed. Unfortunately, this lack of attention makes them prime targets for attackers looking to infiltrate networks undetected. If left unmonitored, these forgotten service accounts can become silent gateways for security breaches and lateral movement within enterprise environments. In this article, we’ll delve into the dangers posed by neglected AD service accounts…

CISA Alerts on Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw Jun 18, 2025 Linux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security vulnerability affecting the Linux kernel, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild. This vulnerability, designated CVE-2023-0386 (CVSS score: 7.8), involves improper ownership management that could allow attackers to escalate privileges on vulnerable systems. A patch was released in early 2023. CISA explained that the flaw arises from unauthorized access to the execution of setuid files with capabilities within the Linux kernel’s OverlayFS subsystem, specifically when users copy capable files from a nosuid mount to another mount. This UID mapping issue enables local users to elevate their privileges on the system. The specific methods of exploitation in current scenarios remain unclear. A report from Datadog in May 2023 highlighted this vulnerability…

Critical Linux Vulnerabilities Grant Full Root Access via PAM and Udisks Across Major Distributions

June 19, 2025
Linux / Vulnerability

Cybersecurity researchers have identified two local privilege escalation (LPE) vulnerabilities that could potentially provide root access on various major Linux distributions. The issues, revealed by Qualys, are detailed below:

  • CVE-2025-6018: LPE from unprivileged to allow_active in Pluggable Authentication Modules (PAM) for SUSE 15
  • CVE-2025-6019: LPE from allow_active to root in libblockdev through the udisks daemon

“These modern ‘local-to-root’ vulnerabilities have bridged the divide between a regular user and complete system control,” stated Saeed Abbasi, Senior Manager at Qualys Threat Research Unit (TRU). “By leveraging legitimate services like udisks loop-mounts and PAM/environment intricacies, attackers with any active GUI or SSH session can bypass polkit’s allow_active trust zone and gain root access within seconds.”

Qualys noted that CVE-2025-6018 is found in the PAM configuration of openSUSE Leap…

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.