What vulnerabilities did Veeam patch in their latest security update?

Veeam released patches for multiple vulnerabilities in Veeam Backup & Replication and Veeam Agent for Microsoft Windows, including two critical severity remote code execution flaws (CVE-2025-48983 and CVE-2025-48984) and one high severity local privilege escalation vulnerability (CVE-2025-48982). These flaws could allow authenticated domain users to execute arbitrary code on backup infrastructure hosts and servers.

What is CVE-2025-48983 and how serious is it?

CVE-2025-48983 is a critical vulnerability with a CVSS score of 9.9 in the Mount service of Veeam Backup & Replication. It allows for remote code execution on backup infrastructure hosts by an authenticated domain user. This flaw impacts domain-joined Veeam Backup & Replication v12 backup infrastructure servers and could lead to complete compromise of backup systems.

What is CVE-2025-48984?

CVE-2025-48984 is a critical vulnerability with a CVSS score of 9.9 that allows remote code execution on the Backup Server by an authenticated domain user. It affects domain-joined Veeam Backup & Replication v12 backup servers and can result in complete compromise of backup systems.

What is CVE-2025-48982?

CVE-2025-48982 is a high severity vulnerability with a CVSS score of 7.3 in Veeam Agent for Microsoft Windows. It allows for local privilege escalation if a system administrator is tricked into restoring a malicious file. This flaw requires social engineering to exploit successfully.

What patches has Veeam released to fix these vulnerabilities?

Veeam has released patch 12.3.2.4165 for Backup & Replication and build 6.3.2.1302 for Veeam Agent for Microsoft Windows to address these vulnerabilities. Users should update to these versions immediately to protect their backup infrastructure.

Do the critical Veeam vulnerabilities require authentication?

Yes, both critical remote code execution vulnerabilities (CVE-2025-48983 and CVE-2025-48984) require the attacker to be an authenticated domain user. However, with CVSS scores of 9.9, they are still considered extremely critical because authenticated domain users could compromise backup infrastructure hosts and servers, leading to complete system compromise.

What should Veeam users do about these vulnerabilities?

Veeam users should immediately update their systems to the patched versions: patch 12.3.2.4165 for Veeam Backup & Replication and build 6.3.2.1302 for Veeam Agent for Microsoft Windows. Given the critical severity of the remote code execution flaws and their potential to compromise backup infrastructure, prompt patching is essential. Users of unsupported versions should upgrade to supported versions and apply patches.

Advisory

Veeam reports critical flaws in their Backup & Replication product, asks for urgent patching

Q: Are all Veeam products affected by the remote code execution vulnerabilities?

No, not all Veeam products are affected. The Veeam Software Appliance and the upcoming Veeam Backup & Replication v13 software for Microsoft Windows are architecturally not impacted by the remote code execution vulnerabilities (CVE-2025-48983 and CVE-2025-48984).

published: Oct. 14, 2025

Take action: If you're running Veeam Backup & Replication that's joined to a Windows domain, this is urgent. Update to to B&R version 12.3.2.4165 ASAP, because any user on the domain can hack your Veeam. Or they get hacked and then the attacker hacks the Veeam. If you are running Veeam Agent for Windows v6, update it, but that's a lower priority. Remind everyone of risks of phishing.

Learn More

Veeam has released patches for multiple vulnerabilities in Veeam Backup & Replication and Veeam Agent for Microsoft Windows, including two critical severity remote code execution flaws. The flaws could allow authenticated domain users to execute arbitrary code on backup infrastructure hosts and servers, leading to complete compromise of backup systems.

Vulnerabilities summary:

CVE-2025-48983 (CVSS score 9.9): A vulnerability in the Mount service of Veeam Backup & Replication that allows for remote code execution on backup infrastructure hosts by an authenticated domain user. This flaw impacts domain-joined Veeam Backup & Replication v12 backup infrastructure servers.
CVE-2025-48984 (CVSS score 9.9): A vulnerability allowing remote code execution on the Backup Server by an authenticated domain user. It also affects domain-joined Veeam Backup & Replication v12 backup servers.
CVE-2025-48982 (CVSS score 7.3): A vulnerability in Veeam Agent for Microsoft Windows that allows for local privilege escalation if a system administrator is tricked into restoring a malicious file. This flaw requires social engineering to exploit successfully.

Affected versions include all Veeam Backup & Replication version 12 builds up to and including 12.3.2.3617, as well as Veeam Agent for Microsoft Windows versions 6.3.2.1205 and all earlier version 6 builds.

The vendor has noted that unsupported product versions have not been tested but are likely affected and should be considered vulnerable.

Veeam has released patch 12.3.2.4165 for Backup & Replication and build 6.3.2.1302 for Veeam Agent for Microsoft Windows to address these flaws. The Veeam Software Appliance and the upcoming Veeam Backup & Replication v13 software for Microsoft Windows are architecturally not impacted by the remote code execution vulnerabilities.

Veeam reports critical flaws in their Backup & Replication product, asks for urgent patching

Read More
Critical session management vulnerability reported in Apache Roller
Veeam reports critical flaws in Veeam ONE monitoring …
SAP December 2025 patch day fixes critical code …
Critical Remote Code execution vulnerability reported in BentoML
Critical security vulnerabilities patched in Nagios XI 2026R1