CVE-2025-23121

Published Jun 19, 2025

Last updated 2 months ago

CVSS high 8.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-23121 is a vulnerability affecting Veeam Backup & Replication. It allows for remote code execution (RCE) on the Backup Server. The vulnerability can be exploited by an authenticated domain user. This vulnerability impacts domain-joined backup servers and is likely a bypass of a previous fix for CVE-2025-23120. The affected versions include Veeam Backup & Replication 12.3.1.1139 and all earlier 12 builds. To mitigate this, users should upgrade to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617).

Description
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
Source
support@hackerone.com
NVD status
Analyzed
Products
veeam_backup_\&_replication

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score
Not currently trending

  1. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication #CISO https://t.co/s42Kz7SfNw https://t.co/auVAxxO01S

    @compuchris

    22 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication https://t.co/Yyr3ASFcZt #Veeam #CVE202523121 #Cybersecurity #RCE #SoftwareUpdate https://t.co/66eqkEy2ka

    @blueteamsec1

    19 Jul 2025

    1452 Impressions

    2 Retweets

    11 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  3. 紧急Veeam更新:关键RCE CVE-2025-23121 (CVSS 9.9)和其他两个缺陷威胁备份服务器 全球数据保护和灾难恢复解决方案领导者Veeam发布了其旗舰产品Veeam Backup & Replication的关键安全更新,修补了三个漏洞——其中一个

    @chenze654321

    14 Jul 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-23121 no Veeam Backup & Replication era RCE crítica (CVSS 9.9) decorrente de validação inapropriada de payload de backup

    @hashtagsec

    11 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Veeam has just released a critical patch addressing a remote code execution (RCE) flaw in its Backup & Replication software. Tracked as CVE-2025-23121, this vulnerability carries a CVSS score of 9.9, underscoring its severity. Need help? https://t.co/aq8HgdA8Xh https://t.co/

    @SecurityJoes

    24 Jun 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-23121 es una vulnerabilidad crítica de ejecución remota de código (RCE) en Veeam Backup-Replication. https://t.co/9g54YoTHHo #Backup #CobraNetworks #Seguridadenlanube #Veeam

    @Cobra_Networks

    23 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️Vulnerabilidades corregidas de Veeam ❗CVE-2025-23121 ❗CVE-2025-24286 ➡️Más info: https://t.co/d2VvtgBCoH https://t.co/ezF18wgnWw

    @CERTpy

    23 Jun 2025

    149 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-23121

    @transilienceai

    22 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 📌 Veeam patches critical remote code execution flaw in Backup & Replication (CVE-2025-23121, CVSS 9.9). #CyberSecurity #Veeam https://t.co/BZQUqwEshd https://t.co/FMXMbykp79

    @CyberHub_blog

    20 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10. https://t.co/uIZVWlzUD

    @riskigy

    20 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Veeam、バックアップサーバー向けに緊急アップデート-重大な脆弱性を含む3件を修正(CVE-2025-23121) #セキュリティ対策Lab #セキュリティ #Security https://t.co/DLAW6OkyWM

    @securityLab_jp

    19 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-23121: Veeam Backup & Replication Hit by 9.9 Severity Vulnerability #Veeam #CyberSecurity #CVE202523121 #RCEVulnerability #DataProtection #BackupSecurity #InfoSec #PatchNow #SecurityUpdate #ThreatIntel https://t.co/IFOsyeCDCc

    @cyashadotcom

    19 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. #Veeam Patches CVE-2025-23121: Critical #RCE Bug Rated 9.9 CVSS in #Backup & Replication https://t.co/4BOb9loCCv https://t.co/abJUakk9Lb

    @omvapt

    19 Jun 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-23121 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user https://t.co/W6doprnXhG

    @CVEnew

    19 Jun 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-23121

    @transilienceai

    19 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. 🚨 3 Critical CVEs – Patch Now! 🔒 Linux (CVE-2025-6018/6019): Root via udisks + PAM ✅ Update all major distros 🧨 Veeam (CVE-2025-23121): RCE via domain user ✅ Patch to v12.1.2.1722 🔥 SAP (CVE-2025-31324): CVSS 10.0 zero-day ✅ Apply Apr/May 2025 SAP Notes htt

    @Samuel257196756

    19 Jun 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-23121

    @transilienceai

    19 Jun 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. CVE-2025-23121 Critical Veeam Backup Vulnerability Backup Servers at Risk from Authenticated RCE Flaw Source: https://t.co/X6TnIr45Oz #CVE202523121 #CriticalVeeamBackup #RCEVeeamBackup #AuthenticatedRCEVeeamBackup https://t.co/8SpkhPGcNX

    @_havij

    19 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 18/06/2025 Veeam patches critical RCE vulnerability (CVE-2025-23121) rated 9.9 CVSS! 🚨 Authenticated domain users can exploit this flaw in Backup & Replication. Update ASAP! Source: https://t.co/ipJJwZXJIZ

    @kernyx64

    19 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Veeam Backup & Replicationの深刻な脆弱性CVE-2025-23121の修正 https://t.co/n6o2UNXxKs #Security #セキュリティ #ニュース

    @SecureShield_

    19 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨Alert🚨CVE-2025-23121:A Vulnerability Allowing Remote Code Execution (RCE) on the Backup Server by an Authenticated Domain User. 👁️NOTE:This vulnerability only impacts domain-joined backup servers. 📊16K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗H

    @HunterMapping

    19 Jun 2025

    3536 Impressions

    20 Retweets

    73 Likes

    22 Bookmarks

    1 Reply

    0 Quotes

  22. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS In Backup & Replication - https://t.co/QUj6IBvufE #thn #infosec

    @mwyres

    18 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🗞️ A critical Remote Code Execution vulnerability (CVE-2025-23121) has been discovered in Veeam Backup & Replication, enabling authenticated domain users to remotely execute code on vulnerable backup servers. Key takeaways: 🧵 https://t.co/BVQ3335PYR

    @gossy_84

    18 Jun 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication #CISO https://t.co/kUSqjFdeXz https://t.co/YPXvAmWX41

    @compuchris

    18 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Multiple vulnerabilities have been reported in Veeam and BeyondTrust products, including a critical code execution vulnerability (CVE-2025-23121). Users are urged to apply the necessary patches. https://t.co/kckl94ZaEH

    @BlockesN95299

    18 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Veeam Patches the Critical RCE Bug Veeam has released patches to fix critical vulnerabilities in its Backup & Replication software, notably CVE-2025-23121 (CVSS 9.9), which allows remote code execution by authenticated domain users. The flaw affects all version 12 builds up

    @dCypherIO

    18 Jun 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. ⚠️ Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication https://t.co/Los5Ls0oc1

    @xcybersecnews

    18 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Veeam and BeyondTrust have patched critical vulnerabilities allowing remote code execution, including CVE-2025-5309 in BeyondTrust's chat feature and CVE-2025-23121 in Veeam. Stay updated to stay protected. 🛡️ #SecurityAlert #VeeamUK #TechFixes https://t.co/XDfCoaXbFM

    @TweetThreatNews

    18 Jun 2025

    32 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Veeam has released patches for CVE-2025-23121, a critical RCE vulnerability with a 9.9 CVSS score impacting all prior Veeam Backup & Replication v12 versions. Past patches may have been bypassed, increasing risk. Stay updated! ⚠️ #Veeam #SecurityUpdate https://t.co/oBSyvQ

    @TweetThreatNews

    18 Jun 2025

    60 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. データ保護ソリューション大手Veeamは、自社のバックアップソフトに影響を与える重大な脆弱性3件(CVE-2025-23121、24286、24287)を公表した。 最も深刻なCVE-2025-23121は、認証済みドメインユーザーによるバックア

    @yousukezan

    18 Jun 2025

    561 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. ⚠️⚠️ CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication 🎯643+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/wNNUU0Sro7 FOFA Query:app="Veeam-Backup-Ent-Manager" 🔖Refer:https://t.co/uSXhPRoQOJ #OSIN

    @fofabot

    18 Jun 2025

    1126 Impressions

    2 Retweets

    13 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  32. ⚠️⚠️ CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication 🎯643+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/wNNUU0Sro7 FOFA Query:app="Veeam-Backup-Ent-Manager" 🔖Refer:https://t.co/uSXhPRoQOJ #OSIN

    @fofabot

    18 Jun 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Veeam released security updates to address a critical remote code execution (RCE) vulnerability, CVE-2025-23121, affecting Veeam Backup & Replication 12 and later. Authenticated domain users can exploit this flaw to execute code on Backup Servers. https://t.co/dK3DOUI7xe

    @securityRSS

    18 Jun 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 📌 قامت Veeam بإصدار تحديثات لسد ثغرة أمنية حرجة في برنامج Backup & Replication، مما قد يؤدي إلى تنفيذ تعليمات برمجية عن بُعد. الثغرة، المعروفة باسم CVE-2025-23121، تحمل د

    @Cybercachear

    18 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication https://t.co/GSbGpHR9KW

    @TheCyberSecHub

    18 Jun 2025

    896 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  36. 🛑 Veeam - CVE-2025-23121 🔎 Une nouvelle faille critique a été découverte dans Veeam Backup & Replication ! Elle permet une exécution de code à distance sur les serveurs intégrés à un domaine AD. 👉 + d'infos : https://t.co/V7oKHJj4n2 #Veeam #infosec https:

    @ITConnect_fr

    18 Jun 2025

    110 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. ⚡️The vulnerability details are now available: https://t.co/fE5MQIEQuC 🚨🚨CVE-2025-23121 (CVSS 9.9) hits Veeam Backup & Replication! Authenticated domain users can exploit this RCE flaw to take over Backup Servers. ZoomEye Dork👉app="Veeam Backup Enterprise Mana

    @zoomeye_team

    18 Jun 2025

    677 Impressions

    1 Retweet

    4 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 On 6/17/25, backup & recovery software provider #Veeam published a security advisory for a critical RCE vuln tracked as CVE-2025-23121. Over 20% of Rapid7 IR cases in 2024 involved Veeam being accessed or exploited in some manner. More in our blog: https://t.co/1lwwZl

    @rapid7

    17 Jun 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Security Bulletin: CVE-2025-23121 (CVSS 9.9) is a critical RCE flaw in Veeam Backup & Replication 12.x on domain-joined servers. Exploitable by authenticated domain users. Admins should patch to 12.3.2.3617 and follow isolation best practices. #Thr... https://t.co/9DnqLVJxpp

    @RedLegg

    17 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Veeam Backup & Replication 12.3.2 リリース情報(2025年6月17日) 認証済みのドメインユーザーによるリモートコード実行(RCE)が可能な脆弱性 CVE-2025-23121 Critical CVSS 9.9 やCVE-2025-24286、CVE-2025-24287を解決しました。 htt

    @t_nihonmatsu

    17 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 【また君か】バックアップ製品Veeam Backup & Replication (VBR)に重大(Critical)な脆弱性。CVE-2025-23121はCVSSスコア9.9で、ドメイン上の低権限ユーザーが簡単にバックアップサーバ上でのコード実行が可能なもの。修正

    @__kokumoto

    17 Jun 2025

    1250 Impressions

    2 Retweets

    15 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.