NewsSecurity Vulnerabilities

Critical Vulnerabilities in Veeam Backup

On October 14th 2025, Veeam released a security advisory addressing multiple vulnerabilities including 2 critical in its Veeam Backup product.

The vulnerability CVE-2025-48983, with a CVSS score of 9.9, resides in the Mount service of Veeam Backup & Replication and allows an authenticated domain user to execute arbitrary code on backup infrastructure hosts.

The vulnerability CVE-2025-48984, with a CVSS score of 9.9, allows an authenticated domain user to execute arbitrary code remote code execution (RCE) on the Backup Server.

The vulnerability CVE-2025-48982, with a CVSS score of 7.3, resides in Veeam Agent for Microsoft Windows and allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

Affected Products

The vulnerabilities CVE-2025-48983 and CVE-2025-48984 impact Veeam Backup & Replication 12.3.2.3617 and all earlier version 12 builds. They only impact domain-joined backup servers.

The vulnerability CVE-2025-48982 impacts Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier version 6 builds.

The vendor mentions that unsupported product versions are not tested, but are likely affected and should be considered vulnerable.

Further details = https://www.veeam.com/kb4771

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.