Security News > 2025 > March > Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
2025-03-20 12:06
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the vulnerability is being leveraged by attackers. It was privately reported by researcher Piotr Bazydlo of watchTowr Labs, who followed the release of the patch with a technical write-up and pointers on how a proof-of-concept exploit for a … More → The post Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) appeared first on Help Net Security.
News URL
Related news
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2025-23120 | Unspecified vulnerability in Veeam Backup & Replication A vulnerability allowing remote code execution (RCE) for domain users. | 8.8 |