
Watch out, Veeam fixed a new critical bug in Backup & Replication product


Veeam has addressed a new critical flaw in its Backup & Replication product that could result in remote code execution on the backup server.

Veeam rolled out security patches for a critical vulnerability, tracked as CVE-2025-23121 (CVSS score of 9.9), in its Backup & Replication solution. The flaw allows remote attackers to execute arbitrary code under certain conditions; the attacker does not need Veeam privileges, only a valid domain account.

“A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” reads the advisory published by the vendor.

The vulnerability impacts Backup & Replication 12.3.1.1139 and all earlier version 12 builds. Because the only precondition is an authenticated domain user, domain-joined backup servers are the exposed population: any account in the domain, not just a backup administrator, meets the bar.
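The following PowerShell check, an added example that is not part of the original article or of any Veeam tooling, reads the installed Veeam Backup & Replication build from the Windows Uninstall registry hives and reports whether it falls inside the affected range the article names (12.x up to and including 12.3.1.1139). It also reports whether the host is domain-joined, since the vulnerability requires an authenticated domain user. The DisplayName pattern and the presence of a parseable DisplayVersion under the Uninstall hives are assumptions; the patched build itself is not stated in this article and should be taken from Veeam's advisory.

```powershell
# Added example (not Veeam code): flag a Veeam Backup & Replication install whose
# build falls in the range this article reports as affected by CVE-2025-23121.
# Run in an elevated PowerShell session on the backup server.
# Assumptions: Veeam registers the server component under the standard Uninstall
# hives with a DisplayName starting "Veeam Backup & Replication" and a
# DisplayVersion that System.Version can parse.

$MaxAffectedBuild = [version]'12.3.1.1139'   # last affected build named in the article

$uninstallHives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# The flaw needs an authenticated domain user, so a domain-joined backup server
# is the case that matters; a workgroup server has no domain users to abuse.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

$veeam = Get-ItemProperty -Path $uninstallHives -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' }

if (-not $veeam) {
    Write-Output 'Veeam Backup & Replication not found in the Uninstall registry hives.'
    return
}

foreach ($entry in $veeam) {
    $build = $null
    if (-not [version]::TryParse([string]$entry.DisplayVersion, [ref]$build)) {
        Write-Warning "Cannot parse DisplayVersion '$($entry.DisplayVersion)' for '$($entry.DisplayName)'"
        continue
    }

    # Affected per the article: any 12.x build less than or equal to 12.3.1.1139.
    $affected = ($build.Major -eq 12) -and ($build -le $MaxAffectedBuild)

    if ($affected) {
        $action = 'Apply the Veeam patch; until then, review which domain accounts can reach the backup server'
    } else {
        $action = 'Build is outside the range named in the article; confirm against the vendor advisory'
    }

    [pscustomobject]@{
        Component    = $entry.DisplayName
        Build        = $build.ToString()
        Affected     = $affected
        DomainJoined = $domainJoined
        Action       = $action
    }
}
```

The script only encodes the upper bound of the affected range that the article gives; a build above 12.3.1.1139 is reported as "outside the range", not as "fixed", because the exact fixed build has to come from Veeam's own advisory.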

Researchers at CODE WHITE GmbH and watchTowr have reported the vulnerability to the company.

Rapid7 researchers, in a technical analysis of the bug, noted that CVE-2025-23121 follows directly from an earlier flaw: after Veeam released the patch for CVE-2025-23120 in March 2025, the same researchers publicly stated that the patch could be bypassed, and the bypass is what is now tracked as CVE-2025-23121. Veeam’s June 17 advisory rates the new flaw CVSS 9.9 and confirms that authenticated domain users can exploit it, mirroring the conditions of the earlier CVE.

“CVE-2025-23121 is credited to security researchers at CODE WHITE GmbH and watchTowr. In March 2025, following the release of the patch for Veeam Backup & Replication’s CVE-2025-23120, these researchers publicly stated that the patch for CVE-2025-23120 could be bypassed,” reported Rapid7. “Veeam’s June 17 advisory states that CVE-2025-23121 is authenticated, the CVSS score is 9.9, and ‘authenticated domain users’ can exploit the vulnerability; all of these details align with the advisory for CVE-2025-23120.”

Veeam also addressed a second issue, tracked as CVE-2025-24286 (CVSS score: 7.2), impacting the Backup & Replication product.

An authenticated user holding the Backup Operator role could exploit this issue to modify backup jobs in a way that leads to arbitrary code execution. Nikolai Skliarenko of Trend Micro discovered the vulnerability.

The third issue addressed by the company, tracked as CVE-2025-24287 (CVSS score: 6.1), affects Veeam Agent for Microsoft Windows.

“A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions,” states the advisory.

CrisprXiang disclosed the flaw through Trend Micro Zero Day Initiative.


Pierluigi Paganini

(SecurityAffairs – hacking, Backup & Replication)