- Veeam released a patch for a 9.9/10-severity vulnerability that can lead to RCE
- It was found in Veeam Backup & Replication
- The flaw is only exploitable on installations joined to a domain
Veeam released a patch for a critical-severity vulnerability recently discovered in its Backup & Replication software.
The vulnerability, tracked as CVE-2025-23120, is described as a deserialization flaw that allows authenticated domain users to perform remote code execution (RCE). It was given a severity score of 9.9/10 (critical) and affects Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.
It was fixed in version 12.3.1 (build 12.3.1.1139).
Blacklists and whitelists
The bug was discovered by security researchers at watchTowr Labs, who criticized Veeam for the way it addresses deserialization problems:
“It seems that Veeam, despite being a ransomware gang’s favorite target, did not learn from the lesson given by Frycos in previously published research. You guessed it: they fixed the deserialization problems by adding items to their deserialization blacklist,” the researchers explained.
Adding items to a deserialization blacklist does not work, watchTowr explained, because attackers can always find new gadgets, and the developers end up perpetually reacting to them. Instead, it suggests that Veeam should adopt a whitelist approach.
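To make the blacklist-versus-whitelist argument concrete, here is an added example that is not Veeam's code or watchTowr's (the page shows none). It uses Python's pickle as a stand-in for any deserializer that resolves type references by name: a denylist unpickler blocks only the references its authors already know about, while an allowlist unpickler resolves only references that were explicitly approved. The allowlist, denylist and sample payloads are all constructed for the demo; every payload merely references a global and invokes nothing on load.

```python
import collections
import glob
import io
import pickle

# Constructed allowlist: the only (module, name) references the unpickler may
# resolve. Primitive payloads (dicts, lists, strings, ints) never trigger a
# global lookup at all, so they pass regardless of this set.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Constructed denylist: a handful of references the developers already know are
# dangerous. It is reactive by nature: anything not listed here gets resolved.
DENIED_GLOBALS = {
    ("builtins", "eval"),
    ("builtins", "exec"),
}


class DenylistUnpickler(pickle.Unpickler):
    """Blocks only references it has been told about (the reactive pattern)."""

    def find_class(self, module, name):
        if (module, name) in DENIED_GLOBALS:
            raise pickle.UnpicklingError(f"denylisted global {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Resolves only references that were explicitly approved."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")
        return super().find_class(module, name)


def load_with(unpickler_cls, data):
    """Return ("accepted", value) or ("rejected", reason) for one payload."""
    try:
        return "accepted", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed sample payloads. Each one only *references* a global; none of
# them calls anything when loaded, so the demo is safe to run as-is.
BENIGN = pickle.dumps({"job": "nightly", "retention_days": 30})
NEEDED_TYPE = pickle.dumps(collections.OrderedDict([("job", "nightly")]))
KNOWN_BAD = pickle.dumps(eval)        # a reference the denylist authors anticipated
UNLISTED = pickle.dumps(glob.glob)    # harmless here, but nobody put it on the denylist


def compare_policies():
    """Run every sample through both unpicklers.

    Returns {label: (denylist_verdict, allowlist_verdict)}.
    """
    samples = {
        "benign": BENIGN,
        "needed_type": NEEDED_TYPE,
        "known_bad": KNOWN_BAD,
        "unlisted": UNLISTED,
    }
    return {
        label: (load_with(DenylistUnpickler, data)[0],
                load_with(AllowlistUnpickler, data)[0])
        for label, data in samples.items()
    }


if __name__ == "__main__":
    for label, (deny, allow) in compare_policies().items():
        print(f"{label:12s} denylist={deny:9s} allowlist={allow}")
```

The "unlisted" row is the whole point: the denylist accepts a reference simply because no one had thought of it yet, while the allowlist rejects it without anyone having to anticipate it. Legitimate data still round-trips, because the one type the application genuinely needs (OrderedDict here) was approved up front. The same shape of control exists in .NET, where a custom SerializationBinder that resolves only approved types plays the allowlist role; that is general deserialization guidance, not something the article states about Veeam's fix.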
Despite its critical severity, the flaw is not that simple to exploit, as it only affects Veeam Backup & Replication installations that are joined to a domain.
On the downside, any domain user can exploit it. BleepingComputer reports that “many companies” have joined their Veeam server to a Windows domain, “ignoring the company’s long-standing best practice.”
The same publication reports that ransomware gangs have told it in the past that they always target Veeam Backup & Replication servers, as they are an easy way into archives of sensitive information and allow the attackers to block any restoration and backup effort.
At press time, there were no reports of in-the-wild exploitation, but it is safe to assume there will be, and soon, now that the cat is out of the bag.
If your company uses Veeam Backup & Replication, make sure to upgrade to version 12.3.1 as soon as you can.
Via BleepingComputer