Skip to main content

Veeam Backup & Replication Update v12.3.2 - Security Fixes

  • June 17, 2025
  • 7 comments
  • 1444 views
coolsport00
Forum|alt.badge.img+21

Hello Community!

Veeam releaesed an update to it’s VBR product today. Click the link below to view the KB:

https://www.veeam.com/kb4743

The following CVEs were addressed with this update:

CVE-2025-23121 (critical severity)

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user

CVE-2025-24286 (high severity)

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code

CVE-2025-24287 (medium severity)

A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.

It is obviously recommended to perform the update as soon as you can.

You can also view other fixes/improvements from the below KB, as well as find the updater and full ISOs:

https://www.veeam.com/kb4696

Best.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
vAdmin
wolff.mateus

7 comments

Chris.Childerhose
Forum|alt.badge.img+21

Great to see these patches but time for another patching window.  🤣

Automation here I come. 😋

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
wolff.mateus
lukas.k
coolsport00
Forum|alt.badge.img+21
  • coolsport00
  • Author
  • Veeam Legend
  • June 17, 2025

I know, right?? 😜

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
wolff.mateus
R
  • RubinCompServ
  • Comes here often
  • June 17, 2025

You left out CVE-2025-23121 - which has a “Critical” priority - but that’s because we’ve all followed Best Practices and our VBRs aren’t domain joined, right? :D

 

And yes, I haven’t even finished applying 12.3.1 yet.

Chris.Childerhose
coolsport00
wolff.mateus
coolsport00
Forum|alt.badge.img+21
  • coolsport00
  • Author
  • Veeam Legend
  • June 17, 2025

Thanks for the catch ​@RubinCompServ ! I have updated the post. Appreciate it.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
wolff.mateus
R
Marcel.K
Forum|alt.badge.img+9
  • Marcel.K
  • Veeam Legend
  • June 17, 2025

Great to know! I can start plan of patching.

Marcel Kačmár | VCSP Partner 2022 | VMCE 2024 | VMCA 2024 | Veeam Legend 2025 |
coolsport00
wolff.mateus
wolff.mateus
Forum|alt.badge.img+11
  • wolff.mateus
  • Veeam Vanguard
  • June 18, 2025

Thinking on CVE 2025-1094, why Veeam not include a newer version of postgre on ISO?

 

IT Lover | Veeam Vanguard | VUG Leader | Blogger
vAdmin
Forum|alt.badge.img+2
  • vAdmin
  • Influencer
  • June 18, 2025

Thank you for the update ​@coolsport00 

Yes, I also received the email sent by Veeam as well for this important update.

It’s good to see the quick response from the community and the vendor to limit the attacker impact on this vulnerabilities.

Microsoft Azure Solutions Architect Expert, VMware Certified Professional - DCV 7, Citrix Certified Professional Virtualization (CCP-V), ITIL Practitioner, Certified Cybersecurity
wolff.mateus
Terms & ConditionsAccessibility statement