Veeam Software has released version 12.3.2 of its Backup & Replication platform, including important security patches that resolve several vulnerabilities identified in earlier versions. The recent update addresses three notable vulnerabilities.
One critical flaw (tracked as CVE-2025-23121) could allow an authenticated domain user to perform remote code execution on domain-joined backup servers. Another issue (CVE-2025-24286) enables users with the Backup Operator role to modify backup jobs, potentially leading to arbitrary code execution. A third, medium-severity vulnerability (CVE-2025-24287) allows local users to modify directory contents in order to execute code with elevated permissions on the local system.
All of these issues have been fixed in the latest build.
Applying the latest updates helps ensure that systems remain protected against such threats. Organizations using Veeam are advised to review their current versions and apply the latest patches to safeguard their data and operations. They can also use resources such as Veeam's official Vulnerability Disclosure Program (VDP), which helps users stay informed about security issues and under which vulnerabilities are checked for internally and patches are released promptly when they are discovered.
Learn more about Veeam’s security release and advisory in their official post.