Security News > 2025 > March > Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
2025-03-20 12:06
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the vulnerability is being leveraged by attackers. It was privately reported by researcher Piotr Bazydlo of watchTowr Labs, who followed the release of the patch with a technical write-up and pointers on how a proof-of-concept exploit for a … More → The post Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) appeared first on Help Net Security.
News URL
Related news
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2025-23120 | Unspecified vulnerability in Veeam Backup & Replication A vulnerability allowing remote code execution (RCE) for domain users. | 8.8 |