Veeam has released patches to fix a critical security flaw that could allow an attacker to execute arbitrary code on vulnerable systems.
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.
A vulnerability in the Veeam Updater component enables an attacker to execute arbitrary code with root-level permissions on the affected appliance server, according to a Veeam advisory.
The issue impacts the following products:
- Veeam Backup for Salesforce: 3.1 and older
- Veeam Backup for Nutanix AHV: 5.0 | 5.1 (versions 6 and higher are unaffected by the flaw)
- Veeam Backup for AWS: 6a | 7 (version 8 is unaffected by the flaw)
- Veeam Backup for Microsoft Azure: 5a | 6 (version 7 is unaffected by the flaw)
- Veeam Backup for Google Cloud: 4 | 5 (version 6 is unaffected by the flaw)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: 3 | 4.0.0 | 4.1.1 (versions 5 and higher are unaffected by the flaw)
The following versions address this issue:
- Veeam Backup for Salesforce: Veeam Updater component version 7.9.0.1124
- Veeam Backup for Nutanix AHV: Veeam Updater component version 9.0.0.1125
- Veeam Backup for AWS: Veeam Updater component version 9.0.0.1126
- Veeam Backup for Microsoft Azure: Veeam Updater component version 9.0.0.1128
- Veeam Backup for Google Cloud: Veeam Updater component version 9.0.0.1128
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: Veeam Updater component version 9.0.0.1127
"If a Veeam Backup & Replication implementation is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability," the firm noted.
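
For patch triage, the fixed Veeam Updater builds listed above can be checked against an appliance inventory. The following is an added example, not Veeam's code: the inventory rows and host names are constructed, and how the installed Updater version is collected from each appliance is assumed to be handled elsewhere.

```python
# Fixed Veeam Updater component builds, copied from the list in this article.
FIXED_UPDATER = {
    "Veeam Backup for Salesforce": "7.9.0.1124",
    "Veeam Backup for Nutanix AHV": "9.0.0.1125",
    "Veeam Backup for AWS": "9.0.0.1126",
    "Veeam Backup for Microsoft Azure": "9.0.0.1128",
    "Veeam Backup for Google Cloud": "9.0.0.1128",
    "Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization": "9.0.0.1127",
}

def parse_version(text):
    """Turn '9.0.0.1126' into (9, 0, 0, 1126) so builds compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory):
    """Return (host, product, status); status is PATCHED, NEEDS_UPDATE or REVIEW."""
    rows = []
    for host, product, installed in inventory:
        fixed = FIXED_UPDATER.get(product)
        if fixed is None:
            status = "REVIEW"  # product is not in the fixed-version list
        else:
            try:
                patched = parse_version(installed) >= parse_version(fixed)
                status = "PATCHED" if patched else "NEEDS_UPDATE"
            except ValueError:
                status = "REVIEW"  # version missing or unparseable: check by hand
        rows.append((host, product, status))
    return rows

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE = [
    ("bkp-aws-01", "Veeam Backup for AWS", "9.0.0.1126"),
    # A plain string comparison would rank 9.0.0.999 above 9.0.0.1126.
    ("bkp-aws-02", "Veeam Backup for AWS", "9.0.0.999"),
    ("bkp-sf-01", "Veeam Backup for Salesforce", "7.9.0.1124"),
    ("bkp-gcp-01", "Veeam Backup for Google Cloud", "9.0.0.1127"),
    ("bkp-az-01", "Veeam Backup for Microsoft Azure", "unknown"),
]

if __name__ == "__main__":
    for host, product, status in triage(SAMPLE):
        print(f"{host:12} {status:13} {product}")
```
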