CVE-2025-23121
CVE-2025-23121
In short
A Backup Server allows an authenticated domain user to run arbitrary code remotely. This is critical because attackers with valid domain credentials can fully compromise the backup system and access all backed-up data.
Technical detail
CWE-94 (Code Injection) vulnerability in Backup Server permits remote code execution when an authenticated domain user submits specially crafted input. Exploitation requires valid domain credentials and network access; successful exploitation grants arbitrary code execution with server privileges, enabling data exfiltration and system compromise.
Summary generated and translated by AI from the official description.
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Veeam · Backup and RecoveryWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://www.veeam.com/kb4743