Veeam Issues Urgent Security Patch to Fix Critical RCE Flaw in Backup & Replication Software

Veeam has rolled out crucial security patches addressing multiple vulnerabilities in its Backup & Replication (VBR) software—most notably, a critical remote code execution (RCE) flaw tracked as CVE-2025-23121.

This specific vulnerability, discovered by researchers at watchTowr and CodeWhite, impacts only those VBR installations that are joined to a domain. According to Veeam’s security advisory released on Tuesday, the flaw allows authenticated domain users to execute code remotely on the backup server through relatively simple attack methods. The issue affects Veeam Backup & Replication version 12 and later and has been resolved in version 12.3.2.3617, which was made available earlier today.

Despite the restriction to domain-linked systems, the vulnerability can be exploited by any domain user—posing a serious risk in environments where this configuration exists.

Many organizations still connect their backup servers to Windows domains, contrary to Veeam's best practices. The company advises using a separate Active Directory Forest and enforcing two-factor authentication for administrative accounts.

This is not the first time Veeam has faced such issues. In March, the company addressed another RCE vulnerability (CVE-2025-23120), also targeting domain-connected installations.

Ransomware operators have long focused on VBR servers due to their strategic value. These systems often serve as the gateway to deleting backups and crippling restoration efforts, as BleepingComputer was told by threat actors in prior years.

Recent incidents further highlight the ongoing risk. Sophos X-Ops disclosed in November that CVE-2024-40711, revealed in September, is actively being used to deploy Frag ransomware. This flaw was also weaponized in Akira and Fog ransomware campaigns starting in October.

Historically, groups like the Cuba ransomware gang and FIN7—a financially motivated threat group with ties to Conti, REvil, Maze, and BlackBasta—have exploited similar VBR vulnerabilities.

Veeam's software is widely used across industries, serving over 550,000 customers globally, including 82% of Fortune 500 and 74% of Global 2,000 companies.