CVE-2025-24286

CVSS 7.2 HIGH | EPSS 10.7% | CWE-269

In short

A user with the Backup Operator role can modify backup jobs in a way that lets them run arbitrary code on the system. This is dangerous because it allows someone with limited backup permissions to gain much broader control.

Technical detail

An authenticated attacker with Backup Operator privileges can manipulate backup job configurations to execute arbitrary code through improper privilege validation (CWE-269). The vulnerability requires valid authentication and the specific role assignment, but allows privilege escalation and code execution beyond the intended scope of backup operations.

Summary generated and translated by AI from the official description.
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
