Local Privilege Escalation in Veeam Agent for Microsoft Windows
CVE-2025-48982

7.3HIGH

Key Information:

Vendor: Veeam
Status: Agent For Microsoft Windows
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-48982?

A vulnerability exists in Veeam Agent for Microsoft Windows that enables local privilege escalation, allowing an attacker to gain elevated access to system functions. This can occur if a system administrator inadvertently restores a malicious file, leading to unauthorized access and control over the system. To mitigate this risk, it is crucial to ensure that backup files are thoroughly verified and to educate administrators on the dangers of restoring unknown files.

Affected Version(s)

Agent for Microsoft Windows 4.7.2

References

https://www.veeam.com/kb4771

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
May 29, 2025

CVE-2025-48982 Data

JSON