Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12.

These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. With attackers likely to reverse-engineer the patch, organizations must apply the update without delay to avoid potential breaches.

Two of the most severe vulnerabilities affect domain-joined Veeam Backup & Replication v12 installations.

CVE-2025-48983 affects the Mount service on backup infrastructure hosts. An authenticated domain user can exploit this flaw to execute arbitrary code remotely on those hosts, a critical risk with a CVSS v3.1 score of 9.9.

Similarly, CVE-2025-48984 allows an authenticated domain user to achieve RCE on the backup server itself, and is also rated 9.9.

Both issues were reported by external researchers: CVE-2025-48983 by CODE WHITE, and CVE-2025-48984 by Sina Kheirkhah (@SinSinology) and Piotr Bazydlo (@chudyPB) of watchTowr.

Unsupported product versions were not tested and should be considered vulnerable until they are upgraded to a supported, patched build.

In addition to the critical RCE flaws, a high-severity local privilege escalation vulnerability exists in Veeam Agent for Microsoft Windows.

Identified as CVE-2025-48982, this issue can be triggered if an administrator restores a malicious file crafted by an attacker, leading to elevated privileges on the system.

With a CVSS v3.1 score of 7.3, this flaw was reported anonymously through the Trend Zero Day Initiative. Although it is less severe than the RCE flaws and requires an administrator to restore the attacker's crafted file, it still demands prompt patching to prevent privilege abuse.

All three vulnerabilities have been addressed in the Veeam Backup & Replication 12.3.2.4165 patch and the Veeam Agent for Microsoft Windows 6.3.2.1302 update.

Veeam's Vulnerability Disclosure Program ensures that once a flaw is found, a patch is developed and published along with mitigation instructions. However, attackers routinely diff patches to reconstruct the underlying bug and build exploits against systems that have not yet been updated.

Consequently, organizations must install the latest builds immediately and verify that all backup servers and infrastructure hosts are running the updated software.
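One way to do that verification across a fleet is to read the build number from the installed binaries on each host and compare it against the fixed builds named above. The script below is an added example, not Veeam's own tooling: it assumes WinRM is enabled, that the caller is a local administrator on the targets, and that the products sit in their default install paths (the two executable paths and the host names are assumptions you should adjust). It compares versions with PowerShell's [version] type so that a four-part build such as 12.3.2.4165 sorts correctly above 12.3.2.933, which a plain string comparison would get wrong.

```powershell
# Added example (not Veeam's code): inventory Veeam Backup & Replication and
# Veeam Agent for Windows build numbers across hosts and flag anything below
# the patched builds from the advisory.
# Assumptions: WinRM enabled, admin rights on each target, default install paths.
$Targets = @{
    'Veeam Backup & Replication' = @{
        # Assumed default path of the B&R manager binary; adjust if installed elsewhere.
        Path = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe'
        Min  = '12.3.2.4165'   # fixed build from the advisory
    }
    'Veeam Agent for Windows' = @{
        # Assumed default path of the agent service binary; adjust if installed elsewhere.
        Path = 'C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe'
        Min  = '6.3.2.1302'    # fixed build from the advisory
    }
}

# Hosts to check: the backup server plus infrastructure hosts (mount servers,
# proxies, repositories). These names are placeholders; replace them with your
# own list or an AD query such as Get-ADComputer.
$Hosts = @('backup01', 'proxy01', 'repo01')

$Results = Invoke-Command -ComputerName $Hosts -ArgumentList $Targets -ScriptBlock {
    param($Targets)
    foreach ($name in $Targets.Keys) {
        $path = $Targets[$name].Path
        if (-not (Test-Path $path)) { continue }   # product not installed on this host

        # Pull the numeric part of FileVersion and cast to [version] so the
        # comparison is numeric per component, not lexicographic.
        $raw = (Get-Item $path).VersionInfo.FileVersion
        $ver = [version][regex]::Match($raw, '\d+(\.\d+){1,3}').Value
        $min = [version]$Targets[$name].Min

        [pscustomobject]@{
            Host      = $env:COMPUTERNAME
            Product   = $name
            Installed = $ver
            Required  = $min
            Patched   = ($ver -ge $min)
        }
    }
}

# Unpatched hosts sort to the top (False before True).
$Results | Sort-Object Patched, Host |
    Format-Table Host, Product, Installed, Required, Patched -AutoSize

$Results | Where-Object { -not $_.Patched } | ForEach-Object {
    Write-Warning "$($_.Host): $($_.Product) $($_.Installed) is below $($_.Required); patch it."
}
```

Hosts that do not return a row for a product either do not have it installed or were unreachable over WinRM; treat an unreachable backup host as unverified rather than as patched, and reconcile the list against your Veeam infrastructure inventory so no proxy or repository is silently skipped.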

Veeam provides a detailed security best practice guide that covers hardening domain and workgroup deployments.

Administrators should review configuration settings to minimize attack surfaces and follow the recommendations in the Veeam Backup & Replication Security Best Practice Guide.

Regular auditing of domain-joined servers and strict access controls will further reduce the risk of exploitation.

CVE ID           Description                                                                                  Severity   CVSS Score
CVE-2025-48983   RCE via the Mount service on backup infrastructure hosts by an authenticated domain user     Critical   9.9
CVE-2025-48984   RCE on the backup server by an authenticated domain user                                     Critical   9.9
CVE-2025-48982   Local privilege escalation in Veeam Agent for Microsoft Windows when restoring a malicious file   High       7.3

Organizations using Veeam Backup & Replication version 12 or Veeam Agent for Microsoft Windows should apply the patches released on October 14, 2025 and verify that every backup server and infrastructure host is running the fixed builds.

Ensuring timely updates is the most effective defense against known exploits and unauthorized code execution in backup environments.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.