We would like to inform you of a critical vulnerability that has been patched in the latest update of Veeam Backup and Replication 12.3.2. This vulnerability affects all earlier version 12 builds. The issue has been classified as critical-risk, with a CVSSv3 score of 9.9. Given the severity of this vulnerability, it is crucial that you take immediate action to ensure your systems remain secure.
Vulnerability Details:
CVE-2025-23121
Description: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Severity: Critical
CVSS v3.0 Score: 9.9
To secure your environment, we strongly recommend updating to Veeam Backup and Replication 12.3.2 or higher as soon as possible.
See the official communication from Veeam here.