#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Veeam | Breaking Cybersecurity News | The Hacker News

Category — Veeam
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Mar 20, 2025 Vulnerability / Software Update
Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120 , carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. "A vulnerability allowing remote code execution (RCE) by authenticated domain users," the company said in an advisory released Wednesday. Security researcher Piotr Bazydlo of watchTowr has been credited with discovering and reporting the flaw, which has been resolved in version 12.3.1 (build 12.3.1.1139). According to Bazydlo and researcher Sina Kheirkhah, CVE-2025-23120 stems from Veeam's inconsistent handling of deserialization mechanism, causing an allowlisted class that can be deserialized to pave the way for an inner deserialization that implements a blocklist-based approach to prevent deserialization of data deemed risky by the company. This also means that ...
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Feb 05, 2025 Vulnerability / Data Protection
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114 , carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions," Veeam said in an advisory. The shortcoming impacts the following products - Veeam Backup for Salesforce — 3.1 and older Veeam Backup for Nutanix AHV — 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw) Veeam Backup for AWS — 6a | 7 (Version 8 is unaffected by the flaw) Veeam Backup for Microsoft Azure — 5a | 6 (Version 7 is unaffected by the flaw) Veeam Backup for Google Cloud — 4 | 5 (Version 6 is unaffected by the flaw) Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization...
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024 Vulnerability / Ransomware
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine," Veeam said in an advisory. Another defect patched by Veeam relates to a vulnerability (CVE-2024-42449, CVSS score: 7.1) that could be abused to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. Both the identified vulnerabilities affect Veeam Service Provider Console 8.1.0.21377 and all earlier versions of 7 and 8 builds. They have been addressed in version 8.1.0.21999. Veeam furt...
cyber security

GenAI Security Best Practices Cheat Sheet

websiteWizCybersecurity / GenAI Security
Secure your GenAI systems fast with 7 must-know best practices to stop data poisoning, model theft, and more—plus ways AI can boost your defenses.
cyber security

Find the Coverage Gaps in Your Security Tools

websitePrelude SecurityContinuous Control Monitoring
Try Prelude free for 14 days to find gaps in your security tools, maximizing the controls you already have.
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

May 22, 2024 Enterprise Security / Vulnerability
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as  CVE-2024-29849  (CVSS score: 9.8), the  vulnerability  could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The company has also disclosed three other shortcomings impacting the same product - CVE-2024-29850  (CVSS score: 8.8), which allows account takeover via NTLM relay CVE-2024-29851  (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it's not configured to run as the default Local System account CVE-2024-29852  (CVSS score: 2.7), which allows a privileged user to read backup session logs All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam ...
Expert Insights Articles Videos
Cybersecurity Resources