Remote Code Execution Vulnerability in Veeam Backup Server
CVE-2025-48984

8.8HIGH

Key Information:

Vendor: Veeam
Status: Backup And Replication
Vendor: CVE Published:; 30 October 2025

Badges

📰 News Worthy

What is CVE-2025-48984?

A serious vulnerability has been identified that permits remote code execution on Veeam Backup Server environments when exploited by an authenticated domain user. This flaw compromises the integrity and security of the backup server, enabling unauthorized actions that could lead to sensitive data exposure and potential disruption of service. Organizations leveraging Veeam Backup Solutions should be aware of this risk and take appropriate measures to mitigate the impact.

Affected Version(s)

Backup and Replication 12.3.2

News Articles

GBHackers News

CVE-2025-48983 CVE-2025-48984

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12.

References

https://www.veeam.com/kb4771

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
📰
First article discovered by GBHackers News
Oct 15, 2025
Vulnerability Reserved
May 29, 2025

JSON