Security News > 2022 > December > CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild.
"The Veeam Distribution Service allows unauthenticated users to access internal API functions," Veeam noted in an advisory published in March 2022.
Both the issues that impact product versions 9.5, 10, and 11 have been addressed in versions 10a and 11a.
Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version.
"We believe that these vulnerabilities will be exploited in real attacks and will put many organizations at significant risk," Petrov said on March 16, 2022.
Details on the attacks exploiting these vulnerabilities are unknown as yet, but cybersecurity company CloudSEK disclosed in October that it observed multiple threat actors advertising a "Fully weaponized tool for remote code execution" that abuse the two flaws.
News URL
https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.html
Related news
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- CISA Identifies Five New Vulnerabilities Currently Being Exploited (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)