Advisory

Critical Vulnerability in Rockwell Automation Lifecycle Services with Veeam Backup and Replication

Take action: If you are using Rockwell Automation Lifecycle Services with Veeam Backup and Replication, this is a priority patch. Naturally, make sure the server is isolated from the internet. But isolating the server isn't a full solution, since the attack vector is an authenticated user on the domain. Patch ASAP!


Learn More

Rockwell Automation has disclosed a critical security vulnerability affecting its Lifecycle Services products that incorporate Veeam Backup and Replication software.

The vulnerability, tracked as CVE-2025-23120 (CVSS score 9.9), is a deserialization of untrusted data flaw that enables remote code execution. Veeam has separately reported and patched the flaw.

The vulnerability affects the following Rockwell Automation products:

  • Industrial Data Center (IDC) with Veeam: Generations 1 – 5
  • VersaVirtual Appliance (VVA) with Veeam: Series A - C

Successful exploitation of this vulnerability could allow an attacker with administrative privileges to execute arbitrary code on the target system.

Rockwell Automation has outlined different mitigation paths depending on service status:

  • For users with active Rockwell Automation Infrastructure Managed Service contracts, Rockwell Automation will directly contact impacted users to coordinate remediation efforts.
  • Users without Managed Services contracts should refer to Veeam's advisories about Veeam Backup & Replication CVE-2025-23120.
