{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-038.pdf"
    },
    "title": "Critical Vulnerabilities in Veeam Backup",
    "serial_number": "2025-038",
    "publish_date": "15-10-2025 18:40:44",
    "description": "On October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities, including 2 critical ones, in its Veeam Backup product.<br>\nCERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices.<br>\n",
    "url_title": "2025-038",
    "content_markdown": "---    \ntitle: 'Critical Vulnerabilities in\u00a0Veeam\u00a0Backup'\nnumber: '2025-038'\nversion: '1.0'\noriginal_date: '2025-10-14'\ndate: '2025-10-15'\n---\n\n_History:_\n\n* _15/10/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities, including 2 critical ones, in its Veeam\u00a0Backup product [1].\n\nCERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices [2].\n\n# Technical Details\n\nThe vulnerability **CVE-2025-48983**, with a CVSS score of 9.9, resides in the Mount service of Veeam Backup & Replication and allows an authenticated domain user to execute arbitrary code on backup infrastructure hosts.\n\nThe vulnerability **CVE-2025-48984**, with a CVSS score of 9.9, allows an authenticated domain user to achieve remote code execution (RCE) on the Backup Server.\n\nThe vulnerability **CVE-2025-48982**, with a CVSS score of 7.3, resides in Veeam Agent for Microsoft Windows and allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.\n\n# Affected Products\n\nThe vulnerabilities **CVE-2025-48983** and **CVE-2025-48984** impact Veeam Backup & Replication 12.3.2.3617 and all earlier version 12 builds. They only impact domain-joined backup servers.\n\nThe vulnerability **CVE-2025-48982** impacts Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier version 6 builds.\n\n_The vendor mentions that unsupported product versions are not tested, but are likely affected and should be considered vulnerable._\n\n# Recommendations\n\nIt is recommended to update affected products as soon as possible and to follow Veeam implementation best practices [2].\n\n# References\n\n[1] <https://www.veeam.com/kb4771>\n\n[2] <https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice>",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/10/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities, including 2 critical ones, in its Veeam\u00a0Backup product [1].</p><p>CERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-48983</strong>, with a CVSS score of 9.9, resides in the Mount service of Veeam Backup &amp; Replication and allows an authenticated domain user to execute arbitrary code on backup infrastructure hosts.</p><p>The vulnerability <strong>CVE-2025-48984</strong>, with a CVSS score of 9.9, allows an authenticated domain user to achieve remote code execution (RCE) on the Backup Server.</p><p>The vulnerability <strong>CVE-2025-48982</strong>, with a CVSS score of 7.3, resides in Veeam Agent for Microsoft Windows and allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.</p><h2 id=\"affected-products\">Affected Products</h2><p>The vulnerabilities <strong>CVE-2025-48983</strong> and <strong>CVE-2025-48984</strong> impact Veeam Backup &amp; Replication 12.3.2.3617 and all earlier version 12 builds. They only impact domain-joined backup servers.</p><p>The vulnerability <strong>CVE-2025-48982</strong> impacts Veeam Agent for Microsoft Windows 6.3.2.1205 and all earlier version 6 builds.</p><p><em>The vendor mentions that unsupported product versions are not tested, but are likely affected and should be considered vulnerable.</em></p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update affected products as soon as possible and to follow Veeam implementation best practices [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4771\">https://www.veeam.com/kb4771</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice\">https://bp.veeam.com/security/Design-and-implementation/Hardening/Workgroup_or_Domain.html#best-practice</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}