Critical Veeam Backup Flaws Allow Remote Code Execution

Veeam has released Patch 12.3.2.4165 for Backup & Replication, resolving three significant security flaws that could expose organizations to remote code execution and privilege escalation risks.

Published on October 14, 2025, the update addresses two critical issues, CVE-2025-48983 and CVE-2025-48984, in the core Backup & Replication platform, as well as a high-severity privilege escalation flaw, CVE-2025-48982, affecting the Veeam Agent for Microsoft Windows.

Administrators are urged to review the impacts and deploy the patch immediately to safeguard backup infrastructures and Windows systems.

Critical RCE Vulnerabilities Patched

The Mount service on domain-joined Veeam Backup & Replication v12 infrastructure servers contained a remote code execution vulnerability (CVE-2025-48983) that could allow an authenticated domain user to execute arbitrary code on backup infrastructure hosts.

Scored 9.9 under CVSS 3.1, this flaw was reported by the security firm CODE WHITE. It specifically impacts Backup & Replication build 12.3.2.3617 and earlier v12 releases running on Windows domain-joined servers, excluding the Veeam Software Appliance and upcoming v13 architecture.

The underlying issue arises from insufficient input validation in the Mount service, enabling attackers to craft malicious payloads that execute in the context of the Veeam Backup Service.

  • Insufficient input validation in the Mount service.
  • Execution of malicious payloads under the Veeam Backup Service context.
  • Affects domain-joined Windows backup infrastructure hosts.

Similarly, CVE-2025-48984 also carries a CVSS 3.1 score of 9.9 and permits remote code execution on the Backup Server component by an authenticated domain user.

This vulnerability was independently discovered by researchers Sina Kheirkhah and Piotr Bazydlo of watchTowr. The flaw stems from improper handling of user-supplied data in server-side routines, allowing unauthorized commands to be executed with backup server privileges.

As with CVE-2025-48983, only domain-joined deployments of Backup & Replication v12 are impacted. Both critical issues have been remediated in Patch 12.3.2.4165, which updates the affected binaries and enforces stricter validation on user inputs.

High-Severity Privilege Escalation in Windows Agent

In addition to the Backup & Replication flaws, Veeam has addressed CVE-2025-48982, a local privilege escalation vulnerability within Veeam Agent for Microsoft Windows.

With a CVSS 3.1 score of 7.3, this issue allows escalation to SYSTEM-level privileges on the machine when an administrator inadvertently restores a maliciously crafted file.

The vulnerability arises because the Agent improperly handles certain file attributes during restore operations, resulting in elevated access to sensitive system resources.

Discovered by an anonymous contributor collaborating with the Trend Zero Day Initiative, the flaw affects Agent for Windows 6.3.2.1205 and earlier.

  • Improper handling of file attributes during restore operations.
  • Potential for SYSTEM-level privilege escalation.
  • Affects Veeam Agent for Microsoft Windows builds 6.3.2.1205 and earlier.

The fix is delivered in Veeam Agent for Microsoft Windows 6.3.2.1302, which includes updated file validation logic to prevent unauthorized privilege elevation.

Upgrade Recommendations and Best Practices

Veeam’s security team emphasizes the importance of rapid patch deployment. Since attackers often attempt to reverse-engineer patches once they are released, unpatched systems face increased risk of exploitation.

Organizations running any impacted version of Backup & Replication v12 should apply Patch 12.3.2.4165 without delay.

Similarly, Windows hosts using standalone or bundled Veeam Agent should be updated to Agent 6.3.2.1302 to eliminate the privilege escalation exposure.

For environments where applying immediate updates is challenging, temporary mitigations include isolating backup servers and agents in hardened network segments and enforcing strict domain user permissions.

Veeam’s Security Best Practice Guide recommends running backup infrastructure servers in workgroup mode when possible, or otherwise limiting domain privileges to minimize attack surfaces.

Detailed guidance on implementing these recommendations is available in the Veeam Backup & Replication Security Best Practice Guide.
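To turn the version and domain-membership conditions above into a patch queue, the following added example (not Veeam tooling and not part of the original article) triages a host inventory against the fixed builds named here. The host names, product labels and the v13 build string are constructed for illustration.

```python
from dataclasses import dataclass

VBR_FIXED = (12, 3, 2, 4165)    # Patch 12.3.2.4165, as stated in the article
AGENT_FIXED = (6, 3, 2, 1302)   # Agent for Windows 6.3.2.1302, as stated in the article

@dataclass
class Host:
    name: str
    product: str                # "vbr" or "agent-windows" (labels assumed for this example)
    build: str                  # four-part build string, e.g. "12.3.2.3617"
    domain_joined: bool = False

def parse_build(text):
    """Turn '12.3.2.3617' into (12, 3, 2, 3617); reject malformed strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(host):
    """Return (status, applicable CVEs, action) for one inventory entry."""
    build = parse_build(host.build)
    if host.product == "agent-windows":
        if build < AGENT_FIXED:
            return ("vulnerable", ["CVE-2025-48982"], "update to 6.3.2.1302")
        return ("patched", [], "none")
    if host.product == "vbr":
        if build[0] != 12:      # the article scopes both RCE flaws to v12
            return ("out-of-scope", [], "not covered by this article")
        if build >= VBR_FIXED:
            return ("patched", [], "none")
        if host.domain_joined:  # both RCE flaws require a domain-joined server
            return ("vulnerable", ["CVE-2025-48983", "CVE-2025-48984"],
                    "apply Patch 12.3.2.4165")
        return ("behind", [], "apply Patch 12.3.2.4165; keep in workgroup mode")
    raise ValueError(f"unknown product: {host.product!r}")

# Constructed inventory, for illustration only.
INVENTORY = [
    Host("bkp-01", "vbr", "12.3.2.3617", domain_joined=True),
    Host("bkp-02", "vbr", "12.3.2.3617", domain_joined=False),
    Host("bkp-03", "vbr", "12.3.2.4165", domain_joined=True),
    Host("ws-17", "agent-windows", "6.3.2.1205"),
]

def report(hosts):
    """Map each host name to its triage result."""
    return {h.name: triage(h) for h in hosts}

if __name__ == "__main__":
    for name, (status, cves, action) in report(INVENTORY).items():
        print(f"{name:8} {status:13} {', '.join(cves) or '-':32} {action}")
```
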

This patch underscores Veeam’s commitment to proactive vulnerability management through its Vulnerability Disclosure Program and extensive internal audits.

By transparently publishing vulnerability details and remediation steps, Veeam enables customers to swiftly protect their backup and replication environments against emerging threats.

Administrators are encouraged to subscribe to Veeam’s weekly security updates and to verify that all backup infrastructure components are running the latest software versions.


The post Critical Veeam Backup Flaws Allow Remote Code Execution appeared first on Cyber Security News.

