A critical vulnerability (CVE-2025-23114) was found in the Updater component, allowing potential Man-in-the-Middle attacks. This issue holds a CVSS v3.1 score of 9.0.
Affected Products:
- Veeam Backup for Salesforce—version 3.1 and older
- Previous releases of Veeam Backup for Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and others also noted, are impacted if not updated to the most recent unaffected versions.
Solution and remediation:
The vulnerability was resolved in Veeam Updater component version for each product.
Checking for Updates using the built-in Veeam Updater to update the Veeam Updater component.
Veeam strongly urge all customers to check their update history and ensure they are running Veeam Backup & Replication version 12.3 with updated appliances to remain secure.
For detailed instructions on verifying your Veeam Updater component and taking necessary actions, please refer to https://www.veeam.com/kb4712
CVE-2025-23114 Veeam Updater component (CVSS v3 : 9.0)
+8
+8Good to see Veeam getting out in front of this but in general this is why the community needs a dislike button. ;)
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.