Emergency Security Bulletin: Veeam Backup & Replication Domain‑Joined Remote Code Execution Vulnerability


By: RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Veeam Backup & Replication Domain‑Joined Remote Code Execution Vulnerability

 

CVSS Score: 9.9 (Critical)
Identifier: CVE‑2025‑23121
Exploit or POC: No
Update: CVE‑2025‑23121 – Veeam Security Advisory KB4743

Description: CVE‑2025‑23121 is a critical remote code execution vulnerability affecting Veeam Backup & Replication version 12.x when installed on domain‑joined Windows servers. It allows an authenticated domain user to execute code remotely on the Backup Server.


Mitigation Recommendation: Upgrade immediately to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617).

Follow Veeam's security best practices: avoid domain-joining Backup Servers (opt for workgroup or separate AD forest), restrict admin accounts with multifactor authentication, and segment backup environments from production assets.
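
The following PowerShell triage check is an added example, not part of the original bulletin or of Veeam's tooling. It combines the two conditions described above (a 12.x build below 12.3.2.3617 and domain membership) into one status. The function name and status labels are hypothetical, and the installed build string is assumed to be supplied by the operator rather than looked up by the script.

```powershell
# Added example: classify a Backup Server against the conditions in this bulletin.
# Assumption: the operator passes the installed build string; nothing here
# queries the product for it.
function Get-BackupServerExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$InstalledBuild,
        # Defaults to the local machine's domain membership (Windows only).
        [bool]$DomainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    )

    $fixed  = [version]'12.3.2.3617'   # fixed build named in the bulletin
    $parsed = $null
    if (-not [version]::TryParse($InstalledBuild, [ref]$parsed)) {
        throw "Cannot parse build string '$InstalledBuild'"
    }

    $status = if ($parsed.Major -ne 12) {
        'OutOfBulletinScope'   # the bulletin only describes version 12.x
    } elseif ($parsed -ge $fixed) {
        'AtOrAboveFixedBuild'
    } elseif ($DomainJoined) {
        'Exposed'              # 12.x, below the fixed build, domain-joined
    } else {
        'BelowFixedBuild'      # not domain-joined, upgrade still recommended
    }

    [pscustomobject]@{
        Build        = $parsed
        FixedBuild   = $fixed
        DomainJoined = $DomainJoined
        Status       = $status
        # The bulletin advises against domain-joining regardless of patch level.
        ReviewDomainMembership = $DomainJoined
    }
}

# Constructed sample inputs (not real inventory data).
@(
    @{ InstalledBuild = '12.1.0.0';    DomainJoined = $true  }
    @{ InstalledBuild = '12.1.0.0';    DomainJoined = $false }
    @{ InstalledBuild = '12.3.2.3617'; DomainJoined = $true  }
) | ForEach-Object { Get-BackupServerExposure @_ } | Format-Table -AutoSize
```

Omitting -DomainJoined on the Backup Server itself reads the local machine's domain membership from Win32_ComputerSystem.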



Note: Due to the critical severity and the nature of systems affected, organizations are strongly urged to implement the fix and review their infrastructure configuration. Taking proactive steps now can help prevent potential exploitation scenarios.