Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-23114
CVE-2025-23114:
Veeam Backup & Replication vulnerability analysis and mitigation
Overview
A critical security vulnerability (CVE-2025-23114) with a CVSS score of 9.0 was discovered in the Veeam Updater component, affecting multiple Veeam backup products. The vulnerability, disclosed on February 4, 2025, allows attackers to perform Man-in-the-Middle (MitM) attacks, potentially leading to remote code execution with root-level permissions on affected servers. The affected products include Veeam Backup for Salesforce (3.1 and older), Veeam Backup for Nutanix AHV (5.0 and 5.1), Veeam Backup for AWS (6a and 7), Veeam Backup for Microsoft Azure (5a and 6), Veeam Backup for Google Cloud (4 and 5), and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (3, 4.0, and 4.1) (Hacker News, SOCRadar).
Technical details
The vulnerability resides within the Veeam Updater component, which is responsible for managing updates across various Veeam backup products. An attacker positioned between the vulnerable Veeam appliance and its update server can intercept and tamper with update requests, injecting malicious code into the system. The vulnerability has been assigned a CVSS v3.1 score of 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) (Veeam KB, SOCRadar).
Impact
The successful exploitation of this vulnerability could lead to complete system compromise, including data theft, ransomware deployment, or persistent access within an organization's infrastructure. Given the root-level permissions obtained through exploitation, attackers could gain full control over the affected backup servers (SOCRadar).
Mitigation and workarounds
Veeam has addressed this vulnerability by releasing updated versions of the Veeam Updater component for each affected product. The fixed versions are: Veeam Backup for Salesforce (7.9.0.1124), Veeam Backup for Nutanix AHV (9.0.0.1125), Veeam Backup for AWS (9.0.0.1126), Veeam Backup for Microsoft Azure (9.0.0.1128), Veeam Backup for Google Cloud (9.0.0.1128), and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (9.0.0.1127). Users are strongly urged to update their systems immediately using the built-in Veeam Updater (Veeam KB, Hacker News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management