Veeam has released security updates to address a critical security flaw affecting its Backup & Replication software that could lead to remote code execution.
The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds.
“The vulnerability that allows you –” the company noted in an advisory released on Wednesday.
Piotr Bazydlo, a security researcher with watchTowr, was credited with reporting the flaw, which was resolved in version 12.3.1 (build 12.3.1139).
According to Bazydlo and researcher Sina Kheirkhah, CVE-2025-23120 stems from Veeam's inconsistent handling of its deserialization mechanism, which causes a class that can be deserialized to pave the way for an inner deserialization that implements a blocklist-based approach.
It also means that a threat actor can leverage a deserialization gadget missing from the blocklist – namely, Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary – to achieve remote code execution.
“These vulnerabilities can be used by any user who belongs to the local users group on the Windows host of your Veeam server,” the researchers noted. “Better yet – if you have joined your server to the domain, these vulnerabilities can be used by any domain user.”
The patch introduced by Veeam adds the two gadgets to the existing blocklist, which means the solution could again be susceptible to similar risks if other viable deserialization gadgets are discovered.
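The blocklist weakness described above, as an added example (not Veeam's or watchTowr's code): it uses Python's pickle as a stand-in for the .NET deserializer and compares a blocklist type filter with an allowlist one. All class names are constructed, and the "gadgets" are harmless stand-ins whose only side effect is a log entry.

```python
import io
import pickle

EVENTS = []  # side effects that fired during deserialization


class BackupRecord:
    """The only type the application means to accept (constructed)."""
    def __init__(self, name):
        self.name = name


class _Gadget:
    """Harmless stand-in for a gadget: restoring it triggers a side effect."""
    def __init__(self):
        self.tag = type(self).__name__

    def __setstate__(self, state):
        EVENTS.append(state["tag"])
        self.__dict__.update(state)


class KnownGadget(_Gadget):       # already on the blocklist
    pass


class OverlookedGadget(_Gadget):  # not yet known to the defender
    pass


class BlocklistUnpickler(pickle.Unpickler):
    BLOCKED = {"KnownGadget"}

    def find_class(self, module, name):
        if name in self.BLOCKED:
            raise pickle.UnpicklingError(f"blocked type: {name}")
        return super().find_class(module, name)  # everything else resolves


class AllowlistUnpickler(pickle.Unpickler):
    ALLOWED = {(__name__, "BackupRecord")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"type not allowed: {module}.{name}")
        return super().find_class(module, name)


def try_load(unpickler_cls, obj):
    """Round-trip obj through the filter; return (accepted, side_effects)."""
    EVENTS.clear()
    try:
        unpickler_cls(io.BytesIO(pickle.dumps(obj))).load()
        return True, list(EVENTS)
    except pickle.UnpicklingError:
        return False, list(EVENTS)
```

The blocklist filter rejects `KnownGadget` but restores `OverlookedGadget` and lets its side effect run, while the allowlist filter rejects both and accepts only `BackupRecord`.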
The development comes as IBM has shipped fixes to remediate two critical bugs in its AIX operating system that could permit command execution.
The list of flaws, which affect AIX versions 7.2 and 7.3, is below –
- CVE-2024-56346 (CVSS score: 10.0) – An improper access control vulnerability that could allow a remote attacker to execute arbitrary commands via the AIX nimesis NIM master service
- CVE-2024-56347 (CVSS score: 9.6) – An improper access control vulnerability that could allow a remote attacker to execute arbitrary commands via the AIX nimsh service SSL/TLS protection mechanism
While there is no evidence that either of these critical flaws has been exploited in the wild, users are advised to move quickly to apply the necessary patches to guard against potential threats.