Veeam patches critical vulnerability in the Veeam Updater enabling Man-in-the-Middle attacks

A critical vulnerability has been identified in the Veeam Updater component that enables attackers to perform Man-in-the-Middle (MitM) attacks.

The flaw is tracked as CVE-2025-23114 (CVSS score 9.0). It enables (MitM) attacks and subsequent arbitrary code execution with root-level permissions on affected appliance servers.

Affected Products and Versions:

• Veeam Backup for Salesforce (3.1 and older)
• Veeam Backup for Nutanix AHV (5.0, 5.1)
• Veeam Backup for AWS (6a, 7)
• Veeam Backup for Microsoft Azure (5a, 6)
• Veeam Backup for Google Cloud (4, 5)
• Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (3, 4.0, 4.1)

Veeam has released patched versions with updated Veeam Updater components:

• Veeam Backup for Salesforce: 7.9.0.1124
• Veeam Backup for Nutanix AHV: 9.0.0.1125
• Veeam Backup for AWS: 9.0.0.1126
• Veeam Backup for Microsoft Azure: 9.0.0.1128
• Veeam Backup for Google Cloud: 9.0.0.1128
• Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: 9.0.0.1127

If a Veeam Backup & Replication deployment is not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, such a deployment is not impacted by the vulnerability discussed in this article.

Automatic updates are enabled for all backup appliances associated with this issue, ensuring the updated Veeam Updater component is automatically downloaded and installed on actively supported versions.

Users can verify their current version by checking the update history or reviewing the updater.log file in the support logs. Organizations are strongly advised to check the update and if it has not passed, to manually update to the latest versions immediately to prevent potential exploitation.