Vendor: Veeam
Product: Veeam Backup & Replication / Veeam Agent for Microsoft Windows
CVE IDs: CVE-2025-48982, CVE-2025-48983, CVE-2025-48984
Severity:
- CVE-2025-48983: CVSS v3: 9.9 — Remote Code Execution (RCE) via the Mount service
- CVE-2025-48984: CVSS v3: 9.9 — Remote Code Execution (RCE) via the backup server
- CVE-2025-48982: CVSS v3: 7.3 — Local privilege escalation during restoration of malicious files
Description:
Two Critical vulnerabilities have been disclosed in Veeam Backup & Replication 12 and one High vulnerability in Veeam Agent for Microsoft Windows:
- CVE-2025-48983: A flaw in the Mount service allows an authenticated domain user to execute arbitrary code remotely on backup infrastructure hosts.
- CVE-2025-48984: A separate flaw allows an authenticated domain user to execute arbitrary code remotely on the Veeam Backup server.
- CVE-2025-48982: Local privilege escalation is possible when an administrator restores a malicious file with Veeam Agent for Microsoft Windows.
Because both RCE flaws require an authenticated domain user, they affect only backup servers that are joined to a domain (Veeam's hardening guidance is to keep the backup server out of the production domain). The Veeam Software Appliance and the upcoming version 13 are not affected, for architectural reasons.
Affected Versions:
- Veeam Backup & Replication: 12.3.2.3617 and all earlier version 12 builds (unsupported older versions are untested and should be treated as vulnerable)
- Veeam Agent for Microsoft Windows: 6.3.2.1205 and all earlier version 6 builds
Fix:
- Veeam Backup & Replication: Update to version 12.3.2.4165 or later
- Veeam Agent for Windows: Update to version 6.3.2.1302 or later
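The following PowerShell is an added example, not code from Veeam or from KB4771. It reads the file version of each product's service binary, compares it with the fixed build from the advisory, and reports whether the host is domain-joined, which is the precondition for the two RCE flaws. The install directories and binary names are the defaults and are an assumption; adjust them if the products are installed elsewhere.

```powershell
# Added example (not from Veeam KB4771): compare installed Veeam builds with the
# fixed builds from the advisory and report the domain-join state of this host.
# Assumption: default install paths and service binary names listed below.

$FixedBuilds = @{
    'Veeam Backup & Replication'        = [version]'12.3.2.4165'
    'Veeam Agent for Microsoft Windows' = [version]'6.3.2.1302'
}

# Assumption: default install locations; change these if your layout differs.
$ServiceBinaries = @{
    'Veeam Backup & Replication'        = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe'
    'Veeam Agent for Microsoft Windows' = 'C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe'
}

function Get-BinaryVersion {
    param([Parameter(Mandatory)][string]$Path)
    # FileVersion is a string and may carry a suffix; keep only the leading dotted numbers.
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    if ($raw -match '^\s*(\d+(\.\d+){1,3})') { return [version]$Matches[1] }
    throw "Unparseable file version '$raw' for $Path"
}

function Test-VeeamBuild {
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][version]$Installed,
        [Parameter(Mandatory)][version]$Fixed
    )
    if ($Installed.Major -lt $Fixed.Major) {
        # Older major versions are out of support and untested: treat as vulnerable.
        $status = 'UNSUPPORTED (treat as vulnerable)'
    } elseif ($Installed -lt $Fixed) {
        $status = 'VULNERABLE'
    } else {
        $status = 'patched'
    }
    [pscustomobject]@{ Product = $Product; Installed = $Installed; Fixed = $Fixed; Status = $status }
}

function Get-VeeamPatchStatus {
    foreach ($product in $ServiceBinaries.Keys) {
        $path = $ServiceBinaries[$product]
        if (-not (Test-Path -LiteralPath $path)) {
            # Binary not at the assumed path: either not installed or a non-default layout.
            [pscustomobject]@{ Product = $product; Installed = $null; Fixed = $FixedBuilds[$product]; Status = 'not installed' }
            continue
        }
        Test-VeeamBuild -Product $product -Installed (Get-BinaryVersion -Path $path) -Fixed $FixedBuilds[$product]
    }
}

# The RCE flaws need an authenticated domain user, so a non-domain-joined backup server is out of scope for them.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
Write-Host "Domain-joined: $domainJoined"
Get-VeeamPatchStatus | Format-Table -AutoSize
```

Run it elevated on the backup server and on each machine running the Agent. A 'not installed' result only means the binary was not found at the assumed path, not that the product is absent; the file version is checked directly rather than via the console's About dialog so the script also works on hosts where the console is not installed.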
Official Link: https://www.veeam.com/kb4771
