Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the vulnerability is being leveraged by attackers. It was privately reported by researcher Piotr Bazydlo of watchTowr Labs, who followed the release of the patch with a technical write-up and pointers on how a proof-of-concept exploit for a …

The post Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) appeared first on Help Net Security.
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025-27364) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-20 | CVE-2025-23120 | A vulnerability allowing remote code execution (RCE) for domain users. | 0.0 |