Veeam urges users to patch security issues which could allow backup hacks

Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol

(Image credit: Shutterstock)

Veeam released a patch for a 9.9/10 severity flaw that can lead to RCE
It was found in Veeam Backup & Restoration
The bug only works on installations joined to a domain

Veeam released a patch for a critical-level vulnerability recently discovered in its Backup & Replication software.

The vulnerability, tracked as CVE-2025-23120, is described as a deserialization flaw that allows authenticated domain users to conduct remote code execution (RCE) attacks. It was given a severity score of 9.9/10 (critical), and affects Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.

It was fixed with version 12.3.1 (build 12.3.1.1139).

Blacklists and whitelists

The bug was discovered by cybersecurity researchers watchTowr Labs, who slammed Veeam for the way it addresses deserialization problems:

“It seems Veeam, despite being a ransomware gang's favorite play toy - didn’t learn after the lesson given by Frycos in previous research published. You guessed it - they fixed the deserialization issues by adding entries to their deserialization blacklist,” the researchers explained.

Adding entries to a deserialization blacklist doesn’t work because hackers can always find new avenues, and the developers will always end up being reactive to their behavior, watchTowr explained. Instead, it suggests Veeam should opt for a whitelist approach.

Despite its critical severity, the bug is not that simple to explicit since it only impacts Veeam Backup & Replication installations joined to a domain.

On the downside, any domain user can exploit the bug. BleepingComputer claims that “many companies” joined their Veeam server to a Windows domain, “ignoring the company’s long-standing best practices.”

The same publication claims that ransomware gangs already told them they always target Veeam Backup & Replication servers, since they are an easy way into archives of sensitive information, and allow them to block any restoration and backup efforts.

At press time, there were no reports of in-the-wild abuse, but it is safe to assume that there will be, and soon - now that the cat is out of the bag.

If your company is using Veeam’s Backup & Replication, make sure to upgrade it to version 12.3.1 as soon as you can.

Via BleepingComputer

Veeam backup software has a serious security flaw - here's how to stay safe
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.