Veeam Discovers Critical Security Bug in Multiple Products, Urges Immediate Patching
Veeam, a popular provider of backup solutions for businesses, has disclosed a serious vulnerability affecting several of its products. The flaw, located in the Veeam Updater component, lets an attacker in a man-in-the-middle position execute arbitrary commands with elevated permissions. It is tracked as CVE-2025-23114 and carries a critical severity rating of 9.0/10.
Affected Veeam Backup products include versions for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, Oracle Linux Virtualization, and Red Hat Virtualization. Patches have been promptly released, and users are strongly advised to update their systems immediately.
Veeam notes that users who do not use Veeam Backup & Replication with these platforms are not impacted by this vulnerability. Veeam’s solutions are popular with businesses from small to large enterprises, which makes them an attractive target. In a related incident last year, threat actors exploited a separate vulnerability (CVE-2024-40711) in Veeam Backup & Replication to deploy ransomware, underlining the importance of keeping systems up to date.