Critical Security Flaw in Veeam Backup & Replication

Author

Anubhav Sharma

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity

A newly identified security flaw, CVE-2025-23120, in Veeam Backup & Replication exposes organizations using Active Directory integration to potential exploitation. This vulnerability enables any authenticated domain user to manipulate backup settings, execute malicious commands, and access sensitive stored data.

Veeam Backup & Replication is a widely used backup solution across financial services, healthcare, and cloud-hosted infrastructures. Firms relying on Veeam for business continuity and disaster recovery must ensure they have addressed this vulnerability to mitigate security threats.

While there are no known active exploits, the risk of data loss, privilege escalation, and ransomware attacks makes immediate remediation essential.

Vulnerability details

This vulnerability arises from inadequate access controls in Veeam Backup & Replication’s integration with Active Directory, potentially allowing authenticated domain users to escalate privileges within the network.

  • How it works: An authenticated domain user could exploit this flaw to execute unauthorized commands, access critical backup data, or modify backup configurations. If successfully leveraged, an attacker could disable recovery mechanisms or alter stored backups, significantly impacting an organization’s ability to recover from cyber incidents such as ransomware attacks.
  • Key risks: If exploited, an attacker could:
    • Steal or modify backups, undermining disaster recovery efforts.
    • Escalate privileges within the network by leveraging stored credentials.
    • Deploy ransomware or malware, making recovery impossible.
  • Affected versions: This vulnerability impacts Veeam Backup & Replication version 12.3.0.310 and all earlier version 12 builds when integrated with Active Directory. Organizations should verify the build installed on each Veeam instance and apply security patches immediately.

Our guidance

To protect against this vulnerability, we recommend that organizations:

  • Update immediately: Upgrade to the latest patched version of Veeam Backup & Replication.
  • Investigate for Indicators of Compromise (IoCs): Look for unusual access patterns, unexpected privilege escalations, or changes to backup configurations.
  • Disconnect Veeam from Active Directory: If feasible, decouple the Veeam instance from Active Directory authentication to reduce exposure.
  • Implement monitoring and access controls:
    • Restrict access to Veeam administrative interfaces.
    • Enable logging and alerts to detect unauthorized changes.
    • Apply network segmentation to isolate backup systems.
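To make the "verify your instances" step above concrete, the following added example (not part of the original alert, and not Veeam's own tooling) triages a Veeam server inventory against the affected range exactly as the alert states it: version 12 builds up to and including 12.3.0.310, with Active Directory integration. Hostnames, version strings and AD flags in the sample inventory are constructed; the alert does not name the fixed build, so later builds are reported only as "outside the stated range", not asserted as patched.

```python
"""Triage a Veeam Backup & Replication inventory for CVE-2025-23120.

Affected range per the alert: version 12 line, build 12.3.0.310 or earlier,
when the server is integrated with Active Directory. All sample data below
is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

AFFECTED_MAX = (12, 3, 0, 310)  # highest affected build named in the alert


@dataclass
class VeeamHost:
    hostname: str        # constructed sample hostname
    version: str         # installed build string, e.g. "12.3.0.310"
    ad_integrated: bool  # True if the server authenticates against AD


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '12.3.0.310' into (12, 3, 0, 310); short strings pad with zeros."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def is_affected_build(version: str) -> bool:
    """True for the version 12 line at build 12.3.0.310 or earlier."""
    v = parse_version(version)
    return v[0] == 12 and v <= AFFECTED_MAX


def triage(hosts: List[VeeamHost]) -> Dict[str, List[str]]:
    """Bucket hosts by urgency: exposed = affected build plus AD integration
    (the combination the alert describes); affected builds without AD still
    need the patch but are not in the described exposure condition."""
    buckets = {"exposed": [], "affected_build_no_ad": [], "outside_stated_range": []}
    for h in hosts:
        if not is_affected_build(h.version):
            buckets["outside_stated_range"].append(h.hostname)
        elif h.ad_integrated:
            buckets["exposed"].append(h.hostname)
        else:
            buckets["affected_build_no_ad"].append(h.hostname)
    return buckets


SAMPLE_INVENTORY = [  # constructed sample data, not real hosts or builds
    VeeamHost("vbr-fin-01", "12.3.0.310", True),
    VeeamHost("vbr-fin-02", "12.1.2.172", True),
    VeeamHost("vbr-lab-01", "12.2.0.334", False),
    VeeamHost("vbr-dr-01", "12.3.1.1139", True),
    VeeamHost("vbr-old-01", "11.0.1.1261", True),
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Feed it the DisplayVersion values collected from your own Veeam servers; hosts in the "exposed" bucket are the ones to patch first, and the ones where decoupling from Active Directory buys time until the patch lands.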

How we help

ACA Aponix® helps firms strengthen their cybersecurity programs to mitigate risks from vulnerabilities like this flaw. Our services include:

  • Aponix Protect™ provides a comprehensive patch management solution that ensures vulnerabilities, like the Veeam Backup & Replication flaw, are identified and remediated before they can be exploited. This service helps firms maintain secure backup environments and reduce exposure to cyber threats.
  • Vendor due diligence and third-party risk management services help firms identify risks associated with third-party software and backup solutions, such as those vulnerable to Active Directory authentication flaws. Our assessments and continuous monitoring enable firms to mitigate potential risks before they impact operations.
  • ACA Vantage for Cyber delivers targeted cybersecurity insights for portfolio companies, focusing on areas like access controls, vulnerability remediation, and privilege management. By combining expert advisory, ComplianceAlpha® technology, and RealRisk assessments, firms gain visibility into security gaps and strengthen their defenses against unauthorized access risks.

Reach out to your ACA expert or contact us to find out how ACA can help secure your firm against cyber threats and comply with regulatory expectations.