Veeam addresses critical flaw with prompt patch release; researchers advise caution
In a recent development, cybersecurity researchers have identified a critical remote code execution flaw in Veeam Backup & Replication software, tracked as CVE-2025-23121. This vulnerability allows an authenticated domain user to run code on a backup server, posing a significant security risk for the over 550,000 users of this popular data backup tool.
Veeam responded swiftly by releasing a patch for the vulnerability. Automatic updates have been enabled for all backup versions so that users are protected as soon as possible. Even so, Veeam users should confirm they are running the latest version of the software and that patches are applied promptly.
This is not the first time Veeam has faced such a security issue. Researchers at watchTowr and Code White GmbH previously disclosed that a patch for a prior vulnerability, tracked as CVE-2025-23120, could be bypassed. These findings highlight the ongoing need for vigilance and prompt action in addressing security concerns.
Ransomware groups have frequently targeted vulnerabilities in Veeam's product, making it crucial for businesses to prioritise their security. In fact, more than 20% of Rapid7's incident response cases in 2024 involved Veeam being accessed or exploited.
To mitigate the risk, Veeam has decided to maintain a list of "bad gadgets" that its deserialization function, which is known to be inherently insecure, refuses to process. watchTowr CEO Benjamin Harris has questioned the effectiveness of this approach, stating that a blacklisting approach will never be sufficient to address all vulnerabilities.
Harris also noted that Veeam adds entries to its blacklist of "dangerous deserialization gadgets" after they have been reported, so the list is always one step behind the next gadget.
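The difference Harris is pointing at is the difference between a denylist and an allowlist on the deserializer. The following is an added example, not Veeam's code and not the .NET mechanism the product uses; it uses Python's `pickle` as a stand-in for any type-resolving deserializer. `BackupJob`, the `KNOWN_BAD_GADGETS` entries and `ALLOWED_TYPES` are constructed for the demonstration. A denylist can only reject names it has already been told about, so a stream referencing any type outside the application's own model sails through; an allowlist that resolves only pre-approved types, and never imports anything at runtime, rejects the same stream without needing to know why it is unexpected.

```python
import collections
import io
import pickle


class BackupJob:
    """Constructed sample type standing in for an application's own data model."""

    def __init__(self, name, retention_days):
        self.name = name
        self.retention_days = retention_days


# Hypothetical denylist: the names the vendor has been told are dangerous so far.
# Placeholder entries, not any real reported gadget chain.
KNOWN_BAD_GADGETS = {
    ("hypothetical_lib", "RunProcess"),
    ("hypothetical_lib", "WriteFile"),
}

# Allowlist: the only types this application ever writes into a stream.
# Built-in containers and scalars never go through find_class, so they need no entry.
ALLOWED_TYPES = {
    (BackupJob.__module__, "BackupJob"): BackupJob,
}


class DenylistUnpickler(pickle.Unpickler):
    """Rejects only names on the denylist; every other name resolves (and imports) as normal."""

    def find_class(self, module, name):
        if (module, name) in KNOWN_BAD_GADGETS:
            raise pickle.UnpicklingError(f"denylisted: {module}.{name}")
        return super().find_class(module, name)


class AllowlistUnpickler(pickle.Unpickler):
    """Resolves only pre-approved types from a fixed table; no dynamic import path exists."""

    def find_class(self, module, name):
        try:
            return ALLOWED_TYPES[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"not allowlisted: {module}.{name}") from None


def load_with(unpickler_cls, data):
    """Deserialize with the given unpickler; return ("accepted", obj) or ("rejected", reason)."""
    try:
        return ("accepted", unpickler_cls(io.BytesIO(data)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def demo():
    """Run both deserializers over a legitimate stream and an unexpected one."""
    # Constructed legitimate stream: what the application itself would have written.
    legit = pickle.dumps([BackupJob("nightly", 30)])
    # Constructed unexpected stream: a reference to a type the application never
    # serializes. Harmless here, but nothing on the denylist says anything about it.
    unexpected = pickle.dumps(collections.OrderedDict)

    allow_legit = load_with(AllowlistUnpickler, legit)
    return {
        "denylist_legit": load_with(DenylistUnpickler, legit)[0],
        "allowlist_legit": allow_legit[0],
        "allowlist_legit_name": allow_legit[1][0].name,
        "denylist_unexpected": load_with(DenylistUnpickler, unexpected)[0],
        "allowlist_unexpected": load_with(AllowlistUnpickler, unexpected)[0],
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

Both deserializers accept the stream the application wrote itself, so the allowlist costs nothing in normal operation; only the allowlist rejects the stream carrying a type outside the model. Each new gadget report shrinks the gap for the denylist by one entry, while the allowlist never had the gap to begin with.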
Despite these security risks, Veeam Backup & Replication remains a valuable tool for backing up, replicating and restoring company data after ransomware attacks or other malicious intrusions. Note, though, that domain-joined backup servers, which Veeam advises against for security reasons, are still commonly deployed for efficiency purposes.
In conclusion, it's crucial for Veeam users to stay updated with the latest patches and versions to ensure their data is secure. While the company is taking steps to address the vulnerabilities, users must remain vigilant and proactive in maintaining their cybersecurity.