Local Privilege Escalation in Veeam Agent for Microsoft Windows
CVE-2025-48982

7.3HIGH

Key Information:

Vendor

Veeam
Status
Agent For Microsoft Windows
Vendor
CVE Published:
30 October 2025

What is CVE-2025-48982?

A vulnerability exists in Veeam Agent for Microsoft Windows that enables local privilege escalation, allowing an attacker to gain elevated access to system functions. This can occur if a system administrator inadvertently restores a malicious file, leading to unauthorized access and control over the system. To mitigate this risk, it is crucial to ensure that backup files are thoroughly verified and to educate administrators on the dangers of restoring unknown files.

Affected Version(s)

Agent for Microsoft Windows 4.7.2

References

https://www.veeam.com/kb4771

CVSS V3.0

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-48982 : Local Privilege Escalation in Veeam Agent for Microsoft Windows