
CVE-2025-23120: Veeam Backup & Replication RCE Flaw

CVE-2025-23120 is a remote code execution vulnerability in Veeam Backup & Replication that enables domain users to execute arbitrary code. This article covers technical details, affected versions, security impact, and mitigation.

CVE-2025-23120 Overview

A vulnerability allowing remote code execution (RCE) for domain users.

Critical Impact

This vulnerability allows attackers to execute arbitrary code remotely, potentially leading to full system compromise.

Affected Products

  • Veeam Backup & Replication

Discovery Timeline

  • 2025-03-20 - CVE-2025-23120 published to NVD
  • 2025-04-02 - Last updated in NVD database

Technical Details for CVE-2025-23120

Vulnerability Analysis

The vulnerability exists due to improper input validation, allowing unauthenticated remote attackers to execute arbitrary code on vulnerable installations of Veeam Backup & Replication.

Root Cause

The root cause is insecure deserialization, specifically related to CWE-502, where serialized data is not properly validated before being deserialized.

Attack Vector

Attackers can exploit the vulnerability over the network without the need for authentication, making it a critical threat.

python
# Example exploitation code (sanitized)
def exploit(target_ip):
    payload = create_malicious_data()
    send_payload(target_ip, payload)

Detection Methods for CVE-2025-23120

Indicators of Compromise

  • Unexpected network traffic to known Veeam servers
  • New or unknown processes executing without user initiation
  • Changes in system file integrity

Detection Strategies

Utilize network monitoring tools to identify unexpected data packets or anomalous traffic patterns originating from or directed to Veeam Backup & Replication servers.

Monitoring Recommendations

Continuously monitor process creation and network connections through security information and event management (SIEM) systems.
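
The process-creation monitoring described above can be sketched as follows. This is an added example, not code from the original page or from Veeam. It assumes Sysmon-style process-creation events exported as JSON lines, Veeam service binaries named "Veeam.*.exe", and a baseline of child processes observed during normal operation; the field names, the `<install>` path placeholder and the sample events are constructed.

```python
import json
import ntpath

# Assumption: Veeam service binaries are named "Veeam.*.exe"; adjust to your install.
VEEAM_PREFIX = "veeam."
# Assumption: child processes seen during a known-good baseline period on this server.
BASELINE_CHILDREN = {"veeam.backup.manager.exe"}

# Constructed sample events shaped like Sysmon Event ID 1 (process creation).
# <install> is a placeholder, not a real path.
SAMPLE_LOG = r"""
{"time":"2025-03-21T02:14:07Z","parent":"C:\\<install>\\Veeam.Backup.Service.exe","image":"C:\\<install>\\Veeam.Backup.Manager.exe","user":"NT AUTHORITY\\SYSTEM"}
{"time":"2025-03-21T02:31:55Z","parent":"C:\\<install>\\Veeam.Backup.Service.exe","image":"C:\\Windows\\System32\\cmd.exe","user":"NT AUTHORITY\\SYSTEM"}
{"time":"2025-03-21T02:40:10Z","parent":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\cmd.exe","user":"CORP\\admin1"}
not-json garbage line
"""

def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def suspicious_children(log_text, baseline=BASELINE_CHILDREN):
    """Return events where a Veeam process spawned a child outside the baseline."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(event, dict):
            continue
        parent = basename(event.get("parent", ""))
        child = basename(event.get("image", ""))
        if parent.startswith(VEEAM_PREFIX) and child not in baseline:
            hits.append(event)
    return hits

if __name__ == "__main__":
    for e in suspicious_children(SAMPLE_LOG):
        print(f'{e["time"]} {e["parent"]} -> {e["image"]} as {e["user"]}')
```

Build the baseline per server from a period of known-good activity, since legitimate jobs and pre/post scripts can spawn additional child processes.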

How to Mitigate CVE-2025-23120

Immediate Actions Required

  • Update Veeam Backup & Replication to the latest patch
  • Enable network segmentation to limit access
  • Regularly review and apply security updates

Patch Information

For patch details, consult the Veeam advisory KB4724.

Workarounds

Restrict network access to only trusted sources and disable unnecessary services that are not actively in use.

bash
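# Configuration example: allow TCP port 9393 only from a trusted source, drop all other traffic to it
# TRUSTED_IP is a placeholder (192.0.2.10 is a documentation address); set it to your trusted host
TRUSTED_IP="192.0.2.10"
iptables -A INPUT -p tcp --dport 9393 -s "$TRUSTED_IP" -j ACCEPT
iptables -A INPUT -p tcp --dport 9393 -j DROP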

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
