Arbitrary Code Execution Risk in Veeam Backup & Replication by Authenticated Users
CVE-2025-24286

4.9MEDIUM

Key Information:

Vendor: Veeam
Status: Backup And Recovery
Vendor: CVE Published:; 19 June 2025

Badges

🟣 EPSS 10%📰 News Worthy

What is CVE-2025-24286?

This vulnerability allows an authenticated user with the Backup Operator role to alter backup jobs, potentially leading to arbitrary code execution. This poses serious security threats as attackers could exploit this flaw to execute malicious payloads within the system. Organizations using affected versions should prioritize patching and review their role assignments to mitigate risks.

Affected Version(s)

Backup and Recovery 12.3

News Articles

GBHackers News

CVE-2025-23121 CVE-2025-24286

Veeam Vulnerabilities Expose Backup Servers to Remote Attacks

Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software.

References

https://www.veeam.com/kb4743

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025
📰
First article discovered by GBHackers News
Jun 18, 2025

CVE-2025-24286 Data

JSON