Veeam has released patches to address a critical security flaw affecting its backup software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-2314, carries a CVSS score of 9.0 out of 10.0.
“A vulnerability in the Veeam Updater component that allows an attacker to use a man-in-the-middle attack to execute arbitrary code on the affected appliance server with root-level permissions,” Veeam noted in an advisory.
The flaw affects the following products –
- Veeam Backup for Salesforce – 3.1 or older
- Veeam Backup for Nutanix AHV – 5.0 | 5.1 (versions 6 and above are not affected by the flaw)
- Veeam Backup for AWS – 6a | 7 (version 8 is not affected by the flaw)
- Veeam Backup for Microsoft Azure – 5A | 6 (version 7 is not affected by the flaw)
- Veeam Backup for Google Cloud – 4 | 5 (version 6 is not affected by the flaw)
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization – 3 | 4.0 | 4.1 (versions 5 and above are not affected by the flaw)
It has been addressed in the following versions –
- Veeam Backup for Salesforce – Veeam Updater component version 7.9.0.124
- Veeam Backup for Nutanix AHV – Veeam Updater component version 9.0.0.1125
- Veeam Backup for AWS – Veeam Updater component version 9.0.126
- Veeam Backup for Microsoft Azure – Veeam Updater component version 9.0.0.1128
- Veeam Backup for Google Cloud – Veeam Updater component version 9.0.128
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization – Veeam Updater component version 9.0.127
“If a Veeam Backup & Replication deployment does not protect AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization, that deployment is not affected by the vulnerability,” the company noted.