CVE-2025-48982: 
Veeam Backup & Replication vulnerability analysis and mitigation

The vulnerability CVE-2025-48982 is a High severity flaw (CVSS 7.3) affecting Veeam Agent for Microsoft Windows. This vulnerability was discovered in 2025 and affects versions 6.3.2.1205 and all earlier version 6 builds of the software. The issue allows for Local Privilege Escalation when a system administrator is tricked into restoring a malicious file (Veeam KB, Security Online).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.3 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The technical nature of the vulnerability involves improper handling of file restoration processes that can be exploited for privilege escalation. The flaw was reported by an anonymous contributor working with the Trend Zero Day Initiative (Veeam KB).

If successfully exploited, this vulnerability allows an attacker to achieve Local Privilege Escalation on affected systems. This means an attacker could potentially gain elevated system privileges when a system administrator is deceived into restoring a malicious file (CERT EU).

Veeam has addressed this vulnerability by releasing version 6.3.2.1302 of Veeam Agent for Microsoft Windows. Users are advised to upgrade to this version to mitigate the risk. The fix is available both as part of Veeam Backup & Replication and as a standalone application update (Veeam KB).