Critical Remote Code Execution Vulnerabilities in Veeam Backup & Replication
Veeam released a security advisory disclosing multiple vulnerabilities in its Veeam Backup & Replication and Veeam Agent for Microsoft Windows products. Two of the vulnerabilities, CVE-2025-48983 and CVE-2025-48984, were rated as critical with a CVSS score of 9.9, indicating a severe risk to affected systems. Both critical vulnerabilities reside in the Veeam Backup & Replication product and allow an authenticated domain user to execute arbitrary code on backup infrastructure hosts and the backup server, respectively.
These flaws specifically impact Veeam Backup & Replication version 12.3.2.3617 and all earlier version 12 builds, but only on domain-joined backup servers. A third vulnerability, CVE-2025-48982, affects Veeam Agent for Microsoft Windows and allows for local privilege escalation if a system administrator is tricked into restoring a malicious file. This vulnerability impacts version 6.3.2.1205 and all earlier version 6 builds of the agent. The vendor has indicated that unsupported product versions have not been tested but are likely vulnerable and should be considered at risk.
The vulnerabilities were disclosed on October 14, 2025, and security advisories were published the following day to alert users and administrators. CERT-EU and other security organizations have strongly recommended that organizations update affected software immediately to mitigate the risk of exploitation. In addition to patching, following Veeam's implementation best practices is advised to further reduce exposure.
The two critical vulnerabilities require an authenticated domain user for exploitation, which means that attackers would need valid credentials or access to a compromised account within the target environment. The potential impact of successful exploitation includes full remote code execution on critical backup infrastructure, which could lead to data theft, ransomware deployment, or destruction of backup data.
The disclosure has raised concerns in the security community due to the critical nature of backup systems in organizational resilience and recovery. Security advisories have emphasized the urgency of remediation, given the high CVSS scores and the potential for significant operational disruption. Organizations are also advised to review their backup server configurations and restrict access to trusted users only. The vendor has provided detailed guidance and best practices for hardening Veeam deployments, including recommendations for both workgroup and domain-joined environments. The vulnerabilities highlight the ongoing risks associated with backup infrastructure and the importance of timely patch management. Security teams are urged to monitor for signs of exploitation and to ensure that all backup-related systems are included in vulnerability management programs. The incident underscores the need for layered security controls and regular review of privileged access within enterprise environments.
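The affected-build rules stated above can be applied to an asset inventory as follows. This is an added example, not code from Veeam, CERT-EU or this page's publisher; the product keys (`vbr`, `agent`), the status labels, the sample inventory and the handling of older major versions as the vendor's "unsupported, likely vulnerable" case are assumptions made for illustration.

```python
"""Triage an inventory against the affected builds named in the advisory."""

# Last affected build and CVEs per product, as stated in the text above.
LAST_AFFECTED = {
    "vbr": ((12, 3, 2, 3617), ["CVE-2025-48983", "CVE-2025-48984"]),
    "agent": ((6, 3, 2, 1205), ["CVE-2025-48982"]),
}


def parse_build(text):
    """Turn '12.3.2.3617' into a tuple so builds compare numerically."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part build, got {text!r}")
    return parts


def triage(product, build, domain_joined=None):
    """Return (status, cves) for one installed product.

    domain_joined: True, False, or None when the inventory does not say.
    """
    last, cves = LAST_AFFECTED[product]
    installed = parse_build(build)
    if installed > last:
        return ("not-listed", [])  # newer than the last affected build
    # Assumption: a major version older than the listed one is handled as the
    # "unsupported, untested, likely vulnerable" case the vendor describes.
    status = "affected" if installed[0] == last[0] else "likely-vulnerable"
    if product == "vbr":
        # The two critical flaws apply only to domain-joined backup servers.
        if domain_joined is False:
            return ("not-listed", [])
        if domain_joined is None:
            status = "verify-domain-join"
    return (status, list(cves))


# Constructed sample inventory: (host, product, build, domain_joined).
SAMPLE = [
    ("bkp01", "vbr", "12.3.2.3617", True),
    ("bkp02", "vbr", "12.0.0.1", False),
    ("bkp03", "vbr", "12.3.2.3617", None),
    ("ws114", "agent", "6.3.2.1205", None),
    ("ws200", "agent", "5.0.0.1", None),
]

if __name__ == "__main__":
    for host, product, build, joined in SAMPLE:
        print(host, product, build, *triage(product, build, joined))
```

A `not-listed` result means only that the advisory text above does not name that build or configuration as affected; it says nothing about other vulnerabilities.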

How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
CERT-EU warns organizations to patch affected Veeam products
On 2025-10-15, CERT-EU issued advisory 2025-038 highlighting the newly disclosed Veeam vulnerabilities and urging immediate updates and security best practices. The advisory identified affected versions of Veeam Backup & Replication and Veeam Agent for Microsoft Windows and emphasized the risk to domain-joined environments.
Veeam discloses critical Backup & Replication vulnerabilities
On 2025-10-14, Veeam published a security advisory for multiple flaws in its backup products, including critical RCE issues CVE-2025-48983 and CVE-2025-48984 and a local privilege escalation flaw CVE-2025-48982. The two critical vulnerabilities affect domain-joined Veeam Backup & Replication deployments and can allow authenticated domain users to execute arbitrary code on backup infrastructure hosts and the Backup Server.


