CVE-2025-23121: 
Veeam Backup & Replication vulnerability analysis and mitigation

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-23121, was discovered in Veeam Backup & Replication software. The vulnerability affects domain-joined backup servers and allows authenticated domain users to execute arbitrary code remotely. The flaw was discovered by security researchers at CODE WHITE GmbH and watchTowr, and carries a CVSS score of 9.9. The vulnerability affects Veeam Backup & Replication version 12.3.1.1139 and all earlier version 12 builds (Veeam KB, Rapid7 Blog).

CVE-2025-23121 is particularly concerning as it appears to be a bypass of a previously patched vulnerability (CVE-2025-23120). The vulnerability specifically impacts domain-joined backup servers, a configuration that Veeam explicitly advises against due to security and compliance concerns. However, this setup remains common in real-world deployments. The vulnerability has been assigned a Critical severity rating with a CVSS v3.0 score of 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) (Veeam KB, SOCRadar).

The vulnerability poses a significant risk as Veeam Backup & Replication has a large deployment footprint and backup solutions are commonly targeted by threat actors. According to Rapid7, more than 20% of their incident response cases in 2024 involved Veeam being accessed or exploited after attackers established a foothold in the target environment (Rapid7 Blog).

Veeam has released version 12.3.2 (build 12.3.2.3617) to address this vulnerability. Organizations are strongly advised to update to the latest version immediately, without waiting for regular patch cycles. Unsupported software versions were not tested but should be considered vulnerable and updated accordingly (Veeam KB).