New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Feb 05, 2025 | Ravie Lakshmanan | Vulnerability / Data Protection

Veeam has released patches to fix a critical security flaw that could allow an attacker to execute arbitrary code on vulnerable systems.

The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.

A vulnerability in the Veeam Updater component allows an attacker to execute arbitrary code with root-level permissions on the affected appliance server, Veeam said in an advisory.

The issue affects the following products:

  • Veeam Backup for Salesforce - 3.1 and older
  • Veeam Backup for Nutanix AHV - 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)
  • Veeam Backup for AWS - 6a | 7 (Version 8 is unaffected by the flaw)
  • Veeam Backup for Microsoft Azure - 5a | 6 (Version 7 is unaffected by the flaw)
  • Veeam Backup for Google Cloud - 4 | 5 (Version 6 is unaffected by the flaw)
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization - 3 | 4.0.0 | 4.1.1 (Versions 5 and higher are unaffected by the flaw)

The issue has been addressed in the following versions:

  • Veeam Backup for Salesforce - Veeam Updater component version 7.9.0.1124
  • Veeam Backup for Nutanix AHV - Veeam Updater component version 9.0.0.1125
  • Veeam Backup for AWS - Veeam Updater component version 9.0.0.1126
  • Veeam Backup for Microsoft Azure - Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Google Cloud - Veeam Updater component version 9.0.0.1128
  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization - Veeam Updater component version 9.0.0.1127

"If a Veeam Backup & Replication implementation is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability," the firm noted.
