CVE-2025-23121 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
hackerone	CNA	9.9 CRITICAL				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vulnerability Media Exposure

[GERMAN] Sicherheitsupdate: Schadcode-Attacken auf Veeam-Backup-Server vorstellbar
Angreifer können an mehreren Schwachstellen in Veeam Backup & Replication und Veeam Agent for Windows ansetzen.
Published: 2025-06-18T09:56:00+00:00
[ENGLISH] Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the
Published: 2025-06-18T11:19:00+05:30
[GERMAN] Veeam Backup & Replication: Mehrere Schwachstellen ermöglichen Codeausführung
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Veeam Backup & Replication ausnutzen, um beliebigen Programmcode auszuführen.
Published: 2025-06-17T22:00:00+00:00

References

https://www.veeam.com/kb4743