Vulnerability DatabaseCVE-2023-27532

CVE-2023-27532:
Veeam Backup & Replication vulnerability analysis and mitigation

Overview

CVE-2023-27532 is a vulnerability discovered in Veeam Backup & Replication component that allows an unauthenticated user to retrieve encrypted credentials stored in the configuration database. The vulnerability was disclosed on March 7, 2023, affecting all versions prior to V12 (build 12.0.0.1420 P20230223) and V11a (build 11.0.1.1261 P20230227). The vulnerability specifically impacts the Veeam Backup & Replication and Veeam Cloud Connect products (Veeam KB).

Technical details

The vulnerability exists in the Veeam.Backup.Service.exe process, which listens on TCP port 9401 by default. The service implements a Windows Communication Foundation (WCF) service that exposes an unauthenticated API endpoint. Through this endpoint, attackers can request and obtain encrypted credentials from the configuration database, which can then be decrypted using additional API calls (Horizon3). The vulnerability has been assigned a High severity rating with a CVSS v3 score of 7.5 (Veeam KB).

Impact

The exploitation of this vulnerability could lead to attackers gaining access to the backup infrastructure hosts. With access to the open TCP port 9401, any individual could obtain credentials and potentially move laterally throughout the network with the exposed usernames and passwords (Huntress).

Mitigation and workarounds

Organizations should upgrade to Veeam Backup & Replication version 12 (build 12.0.0.1420 P20230223) or version 11a (build 11.0.1.1261 P20230227) or later. For systems using an all-in-one Veeam appliance with no remote backup infrastructure components, a temporary workaround is to block external connections to port TCP 9401 in the backup server firewall until the patch can be installed (Veeam KB).

Community reactions

Security researchers and organizations quickly responded to the vulnerability disclosure. CODE WHITE GmbH researchers demonstrated the vulnerability's severity through a proof-of-concept exploit. Huntress researchers conducted extensive analysis and proactively identified affected partners, sending incident reports to those running vulnerable versions (Huntress).

Additional resources

Source: This report was generated using AI

Related Veeam Backup & Replication vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-48983	CRITICAL	9.9	Veeam Backup & Replication	cpe:2.3:a:veeam:backup_and_replication	No	Yes	Oct 31, 2025
CVE-2025-48984	HIGH	8.8	Veeam Backup & Replication	cpe:2.3:a:veeam:veeam_backup_\&_replication	No	Yes	Oct 31, 2025
CVE-2025-23121	HIGH	8.8	Veeam Backup & Replication	cpe:2.3:a:veeam:backup_and_replication	No	Yes	Jun 19, 2025
CVE-2025-48982	HIGH	7.8	Veeam Backup & Replication	cpe:2.3:a:veeam:backup_and_replication	No	Yes	Oct 31, 2025
CVE-2025-24286	MEDIUM	4.9	Veeam Backup & Replication	cpe:2.3:a:veeam:veeam_backup_\&_replication	No	Yes	Jun 19, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-27532: Veeam Backup & Replication vulnerability analysis and mitigation