VEEAM has released patches that deal with important security defects that affect the backup software that allows the attacker to run any code in the sensitivity system.
The vulnerability tracked as CVE-2025-23114 is equipped with a 9.0 CVSS score out of 10.0.
VEEAM stated in the advisory, “VEEAM UPDATER components that allow the attacker to use the intermediate attack to be able to run any code on an appliance server influenced by root -level authority.” 。
The drawbacks will affect the following products-
Salesforce’s VEEAM backup -Nutanix AHV 3.1 and old VEEAM backup -5.0 | 5.1 (not affected by defects after version 6) VEEAM BACKUP -6A | 7 (Version 8 is not affected by defects) Microsoft Azure VEEAM BACKUP -5A | 6 (Version 7 is not affected by defect) Red Hat Virtualization VEEAM backup –3 | 4.0 | 4.1 (after version 5 is not affected by defects)
It is handled in the following version-
Salesforce VEEAM BACKUP -VEEAM Updater Component version 7.9.0.1124 Nutanix AHV VEEAM BACKUP -VEEAM Updater Component version 9.0.0.1125 AWS for AWS Updater Component version 9.0.0.1126 MICEAM Updater Component version 9.0.0.1128 VEEAM BACKUP Google Cloud VEEAM BACKUP- VEEAM UPDATER component version 9.0.0.1128 Oracle Linux virtualization manager and Red Hat Veeam Backup -veeam Updater Component version 9.0.0.1127
“VEEAM backup and replication development is not affected by vulnerability if the AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/RED HAT virtualization is not protected.” The company states.
Source link
