Important: Veeam Backup & Replication Critical Vulnerabilities

We’d like to make you aware of two critical security vulnerabilities (CVSS 9.9) that have recently been identified in Veeam Backup & Replication v12. These vulnerabilities could allow an authenticated domain user to execute remote code on affected servers.

Summary of the Vulnerabilities:

• CVE-2025-48983 – A vulnerability in the Mount service of Veeam Backup & Replication that allows remote code execution on backup infrastructure hosts.
• CVE-2025-48984 – A vulnerability that allows remote code execution on the Backup Server.
  

What’s Affected:

• Domain-joined Veeam Backup & Replication v12 environments.
• The Veeam Software Appliance and upcoming v13 for Microsoft Windows are not impacted.
  
  

Recommended Action:

We strongly encourage reviewing your environment to identify if you are running an affected version. If so, patching or mitigation steps should be applied as soon as possible to reduce exposure.

At Huon IT, a Kyocera group company, we understand the critical importance of securing your infrastructure. If you need assistance in reviewing or resolving this issue, please don’t hesitate to contact Huon IT. You can reach their helpdesk at help@huonit.com.au.