A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions.
This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions.
The vulnerability has been assigned a severity score of 9.0, underscoring its significant risk.
Overview of the Veeam Backup Vulnerability
The vulnerability exists due to insecure communication channels used by the Veeam Updater component when transmitting sensitive data.
Exploiting this flaw allows attackers positioned between the vulnerable appliance and its update server to intercept and interfere with update requests.
By injecting malicious code, attackers can gain complete control over the system, leading to potential data breaches, ransomware deployment, or persistent access within an organization’s infrastructure.
This issue impacts various Veeam products, including:
- Veeam Backup for Salesforce (versions 3.1 and older)
- Veeam Backup for Nutanix AHV (versions 5.0 and 5.1)
- Veeam Backup for AWS (versions 6a and 7)
- Veeam Backup for Microsoft Azure (versions 5a and 6)
- Veeam Backup for Google Cloud (versions 4 and 5)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (versions 3, 4.0, and 4.1)
Veeam has released updates addressing CVE-2025-23114 by patching the affected Veeam Updater component in newer versions of its software.
Automatic updates are enabled by default for all actively supported backup appliances, ensuring that most users will receive the fix without manual intervention.
The following updated versions of the Veeam Updater component resolve the vulnerability:
| Product | Fixed Updater Version |
| Veeam Backup for Salesforce | 7.9.0.1124 |
| Veeam Backup for Nutanix AHV | 9.0.0.1125 |
| Veeam Backup for AWS | 9.0.0.1126 |
| Veeam Backup for Microsoft Azure | 9.0.0.1128 |
| Veeam Backup for Google Cloud | 9.0.0.1128 |
| Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | 9.0.0.1127 |
Organizations using older versions of affected products are at heightened risk if updates are not promptly applied. However, deployments running Veeam Backup & Replication version 12.3 with updated appliances are unaffected.
Mitigation Steps
To protect against this critical vulnerability:
- Use the built-in Veeam Updater tool to ensure your appliance is running the fixed version.
- Check the version of your Veeam Updater component by navigating to the update history or reviewing logs in
/veeam/veeam-updater/updater.log. - Ensure that all backup appliances are updated to the latest unaffected versions
This highlights the importance of maintaining up-to-date software in critical infrastructure systems like backup solutions.
Administrators should ensure their systems are patched promptly while implementing additional security measures such as network monitoring and isolating backup appliances from external access wherever possible.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free