Veeam Fixes Critical Vulnerability in Backup & Replication Software
Veeam has released security updates for its Backup & Replication software in response to a critical remote code execution vulnerability. Exploitation could compromise the integrity of sensitive business data. We have added a new report to Lansweeper to help you identify any at-risk Veeam installations.
Veeam Vulnerability CVE-2025-23120
The vulnerability, tracked as CVE-2025-23120, has a critical CVSS score of 9.9 and affects Veeam Backup & Replication. It is caused by a deserialization flaw that can be exploited by any user who belongs to the local users group on the Windows host of the Veeam server. If the server is joined to a domain, any domain user can exploit it. Successful exploitation results in remote code execution, which could compromise sensitive data or disrupt operations.
Update Vulnerable Veeam Installations
This vulnerability only affects Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds. The issue has been fixed in version 12.3.1 (build 12.3.1.1139). Because of its severity, users are advised to update any vulnerable installation as soon as possible to protect their organization and its data. You can find more details about the vulnerability and its fix on Veeam’s advisory page.
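The version bounds above can be applied to any inventory export to triage hosts. The following is an added example, not Lansweeper's report or Veeam's code; the CSV column names and the sample rows are constructed assumptions, and it treats builds at or above the fixed build as carrying the fix.

```python
import csv
import io

# Version bounds taken from the advisory text above.
LAST_AFFECTED = (12, 3, 0, 310)   # 12.3.0.310 and all earlier version 12 builds
FIRST_FIXED = (12, 3, 1, 1139)    # 12.3.1 (build 12.3.1.1139)

# Constructed sample inventory; column names are assumptions, not a real export format.
SAMPLE_INVENTORY = """hostname,version,domain_joined
bkp-01,12.3.0.310,yes
bkp-02,12.3.1.1139,yes
bkp-03,12.1.2.172,no
bkp-04,11.0.1.1261,yes
bkp-05,12.3,no
bkp-06,12.3.0.500,yes
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None when the full build number is not present."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a version string to 'vulnerable', 'fixed', 'not-listed' or 'review'."""
    v = parse_version(version_text)
    if v is None:
        return "review"        # truncated or unparsable: check the host directly
    if v >= FIRST_FIXED:
        return "fixed"         # assumption: later builds keep the fix
    if v[0] == 12 and v <= LAST_AFFECTED:
        return "vulnerable"
    if v[0] < 12:
        return "not-listed"    # the advisory only names version 12 builds
    return "review"            # between last affected and first fixed build

def audit(csv_text):
    """Return (hostname, version, status, exposed_to) for hosts needing attention, vulnerable first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        status = classify(rec["version"])
        if status in ("vulnerable", "review"):
            # Per the advisory, a domain-joined server is exploitable by any domain user.
            joined = rec["domain_joined"].strip().lower() == "yes"
            rows.append((rec["hostname"], rec["version"], status,
                         "any domain user" if joined else "local users group"))
    return sorted(rows, key=lambda r: (r[2] != "vulnerable", r[0]))

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("%-8s %-12s %-11s %s" % row)
```

Hosts marked `review` report a version the advisory's bounds cannot decide, so confirm the installed build on the server itself.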
Discover At-Risk Veeam Backup & Replication Installations
We have added a new vulnerability report to Lansweeper to help you locate any vulnerable installations of Veeam Backup & Replication in your network. It gives you an actionable list of devices that still require action. You can get the report via the link below.
