Veeam Patches CVE-2025-23121: Critical RCE Bug in Backup & Replication

Jun 19, 2025 | By Santosh Sethuraman | 3 min read

Veeam, a prominent data backup and disaster recovery solution provider, has recently addressed a critical security vulnerability in its Backup & Replication software. The flaw, CVE-2025-23121, poses a significant risk because it could allow remote code execution (RCE) on affected systems. With a near-maximum CVSS score of 9.9, this vulnerability demands immediate attention and patching. Robust patch management software can keep such vulnerabilities from affecting your IT environment.

Vulnerability Details

The root cause of CVE-2025-23121 lies in uncontrolled deserialization via BinaryFormatter, a deprecated .NET component that Microsoft has explicitly warned against using to deserialize data. According to Microsoft, BinaryFormatter cannot be made secure.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under certain conditions, emphasizing the critical need for immediate patching.
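As an added illustration (not Veeam's code, and not a claim about where the flaw sits in the product), here is the deserialization pattern the article describes beside a hardened replacement. The JobRequest type, the Handlers class and the size and depth limits are hypothetical.

```csharp
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json;

// Hypothetical message type standing in for whatever the real service exchanges.
public sealed class JobRequest
{
    public string JobName { get; set; } = "";
    public int RetryCount { get; set; }
}

public static class Handlers
{
    // VULNERABLE PATTERN: BinaryFormatter takes type names and the object graph from the
    // payload itself, so an attacker-controlled stream decides which types get instantiated.
    // Per the Microsoft guidance the article cites, this cannot be made safe (a binder
    // allow-list is not a fix); on .NET 8+ the call throws unless an unsafe switch is set.
    public static JobRequest ReadWithBinaryFormatter(Stream untrusted)
    {
#pragma warning disable SYSLIB0011
        var formatter = new BinaryFormatter();
        return (JobRequest)formatter.Deserialize(untrusted);
#pragma warning restore SYSLIB0011
    }

    // HARDENED PATTERN: a data-only format with the target type fixed in code. The payload
    // cannot name a type, so it cannot select a class to instantiate; depth and size caps
    // bound what a remote caller can make the server parse.
    private const int MaxPayloadBytes = 64 * 1024;
    private static readonly JsonSerializerOptions Options = new JsonSerializerOptions
    {
        PropertyNameCaseInsensitive = true,
        MaxDepth = 8,
    };

    public static JobRequest ReadWithJson(Stream untrusted)
    {
        using var limited = new MemoryStream();
        var buffer = new byte[4096];
        int n, total = 0;
        while ((n = untrusted.Read(buffer, 0, buffer.Length)) > 0)
        {
            total += n;
            if (total > MaxPayloadBytes) throw new InvalidDataException("payload too large");
            limited.Write(buffer, 0, n);
        }
        limited.Position = 0;
        return JsonSerializer.Deserialize<JobRequest>(limited, Options) ?? throw new InvalidDataException("empty payload");
    }
}
```

The point of the second method is that the wire format carries only field values, never type identity, which is the property BinaryFormatter lacks and the reason Microsoft recommends replacing it rather than filtering it.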

Proof of Concept (PoC)

Although no public proof-of-concept exploit has been released yet, security researchers have demonstrated that the patch for a similar vulnerability, CVE-2025-23120, could be bypassed, leading to the discovery of CVE-2025-23121. This highlights the challenges in entirely eradicating vulnerabilities related to BinaryFormatter.

Impact & Exploit Potential

The impact of CVE-2025-23121 is substantial, primarily because Veeam Backup & Replication is a frequent target for ransomware groups. Successful exploitation could lead to:

  • Remote code execution on the backup server.
  • Compromise of backup data, leading to data loss or encryption.
  • Potential for lateral movement within the network.

Real World Observations

One incident response provider found that more than 20% of its 2024 cases involved access to or exploitation of Veeam after a threat actor had already established a foothold in the target environment.

With security flaws in Veeam backup software becoming a prime target for attackers in recent years, it’s crucial to immediately update to the latest version.

Tactics, Techniques, and Procedures (TTPs)

Attackers actively exploit Veeam Backup & Replication vulnerabilities in their attack chains. Key MITRE ATT&CK TTPs observed include:

  • TA0001 – Initial Access: Attackers exploit public-facing applications to gain an initial foothold.
  • TA0002 – Execution: Exploit client-side vulnerabilities to execute arbitrary code.
  • T1190 – Exploit Public-Facing Application: Leverage vulnerabilities in public-facing applications to gain access to the system.
  • T1203 – Exploitation for Client Execution: Exploit vulnerabilities in client-side applications to execute malicious code.

Affected Products

The vulnerability impacts the following Veeam products and versions:

  • Veeam Backup & Replication version 12 builds (including 12.3.1.1139)

Mitigation & Recommendations

To mitigate the risk posed by CVE-2025-23121, Veeam has released patched versions of its software. It is crucial to take the following actions:

  • Update Veeam Backup & Replication to version 12.3.2 (build 12.3.2.3617).

Organizations are advised to apply these updates immediately to protect their systems from potential exploitation.

Additional Vulnerabilities Addressed

In addition to CVE-2025-23121, Veeam has also addressed the following vulnerabilities:

  • CVE-2025-24286 (CVSS score: 7.2): An authenticated user with the Backup Operator role could modify backup jobs, leading to arbitrary code execution.
  • CVE-2025-24287 (CVSS score: 6.1): Local system users could modify directory contents, allowing for arbitrary code execution with elevated permissions.

These vulnerabilities have been patched in Veeam Backup & Replication 12.3.2 (build 12.3.2.3617) and Veeam Agent for Microsoft Windows 6.3.2 (build 6.3.2.1205), respectively.

Instantly Fix Risks with Saner Patch Management

Saner Patch Management is a continuous, automated, and integrated patching solution that instantly fixes risks exploited in the wild. It supports major operating systems such as Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.
