Feb 05, 2025Ravie LakshmananVulnerability / Data ProtectionVeeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0."A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions," Veeam said in an advisory.The shortcoming impacts the following products -Veeam Backup for Salesforce 3.1 and olderVeeam Backup for Nutanix AHV 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)Veeam Backup for AWS 6a | 7 (Version 8 is unaffected by the flaw)Veeam Backup for Microsoft Azure 5a | 6 (Version 7 is unaffected by the flaw)Veeam Backup for Google Cloud 4 | 5 (Version 6 is unaffected by the flaw)Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization 3 | 4.0 | 4.1 (Versions 5 and higher are unaffected by the flaw)It has been addressed in the below versions -Veeam Backup for Salesforce - Veeam Updater component version 7.9.0.1124Veeam Backup for Nutanix AHV - Veeam Updater component version 9.0.0.1125Veeam Backup for AWS - Veeam Updater component version 9.0.0.1126Veeam Backup for Microsoft Azure - Veeam Updater component version 9.0.0.1128Veeam Backup for Google Cloud - Veeam Updater component version 9.0.0.1128Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization - Veeam Updater component version 9.0.0.1127"If a Veeam Backup & Replication deployment is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability," the company noted.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE