New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Feb 05, 2025 | Ravie Lakshmanan | Vulnerability / Data Protection

A critical security flaw that could allow an attacker to execute arbitrary code on vulnerable systems has been fixed in Veeam’s backup software.

The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.

Veeam describes the flaw as “a vulnerability within the Veeam Updater element” that enables a Man-in-the-Middle attack to execute arbitrary code on the affected product with root-level rights.

The issue affects the following products:

  • Veeam Backup for Salesforce: 3.1 and older
  • Veeam Backup for Nutanix AHV: 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)
  • Veeam Backup for AWS: 6a | 7 (Version 8 is unaffected by the weakness)
  • Veeam Backup for Microsoft Azure: 5a | 6 (Version 7 is unaffected by the bug)
  • Veeam Backup for Google Cloud: 4 | 5 (Version 6 is unaffected by the flaw)
  • Veeam Backup for Red Hat Virtualization and Oracle Linux Virtualization Manager: 3 | 4.0.0 | 4.11 (Versions 5 and higher are unaffected by the bug)

It has been addressed in the following versions:

  • Veeam Backup for Salesforce: Veeam Updater component version 7.9.0.1124
  • Veeam Backup for Nutanix AHV: Veeam Updater component version 9.0.0.1125
  • Veeam Backup for AWS: Veeam Updater component version 9.0.0.1126
  • Veeam Backup for Microsoft Azure: Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Google Cloud: Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: Veeam Updater component version 9.0.0.1127

“If a Veeam Backup & Replication implementation is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability,” the firm noted.
