Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations.

Two of the most dangerous vulnerabilities specifically impact domain-joined installations of Veeam Backup & Replication v12.

  • CVE-2025-48983 targets the Mount service on backup infrastructure hosts. Exploitation by an authenticated domain user can allow arbitrary remote code execution. This vulnerability has a CVSS v3.1 score of 9.9, marking it as critical.
  • CVE-2025-48984 permits RCE on the primary backup server by an authenticated domain user, also rated 9.9 in severity.

These vulnerabilities were discovered by external researchers: CODE WHITE for CVE-2025-48983, and Sina Kheirkhah (@SinSinology) with Piotr Bazydlo (@chudyPB) from watchTowr for CVE-2025-48984. Systems running unsupported versions should be considered vulnerable until patched.

In addition, a high-severity local privilege escalation (LPE) flaw exists in Veeam Agent for Microsoft Windows. Labeled CVE-2025-48982, it can be triggered if an administrator restores a maliciously crafted file, leading to elevated system privileges. With a CVSS score of 7.3, this vulnerability also requires prompt attention.

All three vulnerabilities have been addressed in the following updates:

  • Veeam Backup & Replication 12.3.2.4165
  • Veeam Agent for Microsoft Windows 6.3.2.1302

Veeam’s Vulnerability Disclosure Program ensures rapid patching, but attackers often analyze released updates to exploit unpatched systems. Organizations must apply these updates immediately and verify that all backup servers and infrastructure hosts run the latest versions.
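One way to run that version check over an exported host inventory, as an added example that is not from Veeam or the original article. The CSV layout, host names and status labels are assumptions and the sample rows are constructed; only the two fixed build numbers come from the article.

```python
import csv
import io

VBR = "Veeam Backup & Replication"
AGENT = "Veeam Agent for Microsoft Windows"
# Fixed builds as stated in the article.
FIXED_BUILDS = {VBR: "12.3.2.4165", AGENT: "6.3.2.1302"}

# Constructed sample inventory (hypothetical hosts and builds, assumed CSV layout).
SAMPLE_INVENTORY = f"""host,product,build,domain_joined
vbr01,{VBR},12.3.2.900,yes
vbr02,{VBR},12.3.2.4165,yes
proxy01,{VBR},12.3.1.100,no
agent01,{AGENT},6.3.2.1302,no
agent02,{AGENT},unknown,no
"""

def parse_build(text):
    """Return a dotted build as a tuple of ints, or None if it is malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(row):
    """Classify one inventory row against the fixed build for its product."""
    fixed = FIXED_BUILDS.get(row["product"])
    if fixed is None:
        return "not-covered"
    build = parse_build(row["build"])
    if build is None:
        return "unknown-treat-as-vulnerable"
    # Compare numerically: as strings, "900" would sort above "4165".
    if build >= parse_build(fixed):
        return "patched"
    # The article ties the two CVSS 9.9 RCEs to domain-joined B&R v12 installs.
    if row["product"] == VBR and row["domain_joined"].strip().lower() == "yes":
        return "update-first-domain-joined"
    return "update-required"

def audit(inventory_csv):
    """Map each host in the CSV text to its patch status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: assess(row) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts whose build cannot be parsed are reported separately so they are not silently counted as patched.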

Administrators are advised to follow the Veeam Backup & Replication Security Best Practice Guide, which includes hardening recommendations for domain and workgroup deployments. Regular auditing of servers and strict access control policies will further reduce the risk of exploitation.

Summary of Vulnerabilities:

| CVE ID | Description | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-48983 | RCE via Mount service on backup infrastructure hosts by authenticated user | Critical | 9.9 |
| CVE-2025-48984 | RCE on backup server by authenticated domain user | Critical | 9.9 |
| CVE-2025-48982 | Local privilege escalation in Veeam Agent for Windows when restoring malicious file | High | 7.3 |