Veeam released a patch for a critical vulnerability in its Backup & Replication software that allows remote code execution (RCE).
The vulnerability, tracked as CVE-2025-23120, is described as a deserialization flaw and has a severity score of 9.9/10 (critical).
The bug affects Veeam Backup & Replication 12.3.0.310 and all earlier versions, and was fixed with version 12.3.1 (build 12.3.1.1139).
The bug impacts only Veeam Backup & Replication installations that are joined to a domain, and any domain user can exploit it.