Local Directory Modification Vulnerability in Veeam Software
CVE-2025-24287

6.1MEDIUM

Key Information:

Vendor: Veeam
Status: Backup For Microsoft Windows
Vendor: CVE Published:; 19 June 2025

What is CVE-2025-24287?

A vulnerability in Veeam Software permits local users to alter directory contents, which can lead to arbitrary code execution with elevated system permissions. This flaw emphasizes the importance of ensuring that user permissions are correctly configured to prevent unauthorized access and modifications, thus maintaining system integrity and security.

Affected Version(s)

Backup for Microsoft Windows 6.2.0.121

References

https://www.veeam.com/kb4743

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025