Hello Community, 

 

Latest security update (build number 12.3.1.1139) released from Veeam

CVE-2025-23120 - CVSS 9.9 - KB4724

A vulnerability allowing remote code execution (RCE) by authenticated domain users.

Severity: Critical
CVSS v3.1 Score: 9.9
Source: Reported by Piotr Bazydlo of watchTowr.

 

Note: This vulnerability only impacts domain-joined backup servers.

Download URL: https://download2.veeam.com/VBR/v12/VeeamBackup&Replication_12.3.1.1139_20250315.iso

MD5: 70E802E77F3FC109E85F8FA859F31950
SHA1: 308E6AE02474208A08418734598CFBA0E7AF82D0

 

There are additional features and resolved issues included in this latest update: https://www.veeam.com/kb4696

Nice to see another CVE covered but not looking forward to another round of patching servers again to this latest release build. 😫


Nice to see another CVE covered but not looking forward to another round of patching servers again to this latest release build. 😫

Yeah, it seems like every time we complete a round of patching, a month later we hear about another required patch :(


It would be nice to have JUST the security patch, instead of having to upgrade to the next release level, which also includes a bunch of other items.


It would be nice to have JUST the security patch, instead of having to upgrade to the next release level, which also includes a bunch of other items.

Agreed! Especially if it could somehow be applied without requiring the restart of the service or server causing downtime.


Wow, thank you for sharing @Mohamed Ali, the .ISO file is quite big.

Is there any chance to share or perform the security update only? 


Wow, thank you for sharing @Mohamed Ali, the .ISO file is quite big.

Is there any chance to share or perform the security update only? 

There is an update ISO, but not just a patch, no.


Fortunately, all my vbrs are not joined to a domain. 😆

