Veeam patches critical security flaw in backup software

bleepingcomputer.com

Veeam has addressed a serious security issue in its Backup & Replication software. The vulnerability, tracked as CVE-2025-23120, allows domain users to execute malicious code on backup servers. Veeam released a patch for it in version 12.3.1 on March 20, 2025. The flaw affects version 12.3.0.310 and earlier builds. It is a deserialization vulnerability: the software reconstructs objects from serialized data without validating that data properly, which lets an attacker supply input that ends in code execution on the server.

The security firm watchTowr Labs discovered the issue. It noted that the flaw uses a different approach from the vulnerabilities that had been patched earlier. Despite those earlier fixes, this new vulnerability highlights ongoing risks in the software.

Only installations joined to a domain are vulnerable. Unfortunately, this still makes the issue easy to exploit, because many businesses have joined their Veeam servers to a Windows domain against the company's recommendations. Ransomware groups have shown a consistent interest in Veeam products because they provide direct access to backups, which are crucial for restoring data after an attack.

There are currently no known cases of this vulnerability being exploited, but experts expect proof-of-concept exploits to emerge soon. Companies using Veeam Backup & Replication should urgently update to the latest version. They should also review their security practices, including the option of removing the backup servers from the domain, to improve protection against potential attacks.
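The two conditions the article gives (a build at or below 12.3.0.310 and a domain-joined host) can be checked on a backup server with a short script. The following is an added example, not code from the article or from Veeam; it assumes the product registers itself under the standard Windows Uninstall registry keys with a DisplayName beginning "Veeam Backup & Replication" and a parseable DisplayVersion, both of which are assumptions.

```powershell
# Added example: report whether this host is exposed to CVE-2025-23120 per the article's
# criteria: Veeam Backup & Replication older than 12.3.1 AND the server is domain-joined.
# Assumption: the installer records DisplayName/DisplayVersion under the Uninstall keys.

$FixedVersion = [version]'12.3.1'   # first patched release named in the article

function Get-VeeamBackupInstall {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' } |
        Select-Object -First 1 DisplayName, DisplayVersion
}

function Test-VeeamExposure {
    param([string]$Version, [bool]$DomainJoined)
    $installed = $null
    # [version] accepts up to four dotted parts, so 12.3.0.310 compares as less than 12.3.1.
    if (-not [version]::TryParse($Version, [ref]$installed)) {
        throw "Unrecognised version string: '$Version'"
    }
    $unpatched = $installed -lt $FixedVersion
    [pscustomobject]@{
        Version      = $Version
        Unpatched    = $unpatched
        DomainJoined = $DomainJoined
        # Both conditions must hold for the flaw to apply, as the article describes.
        AtRisk       = $unpatched -and $DomainJoined
    }
}

$install = Get-VeeamBackupInstall
if (-not $install) {
    Write-Output 'Veeam Backup & Replication not found in the Uninstall registry keys.'
    return
}
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
Test-VeeamExposure -Version $install.DisplayVersion -DomainJoined $domainJoined
```

Run it in an elevated PowerShell session on the backup server; an AtRisk value of True means the host meets both conditions and should be patched (and, if practical, removed from the domain) first.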




