Veeam has published security updates that fix several critical vulnerabilities in its Backup & Replication software which, if exploited, could allow remote code execution and other dangerous actions in backup environments. The flaws mainly affect builds of the 12 branch and have been fixed in the versions the company has made available for download, so the main recommendation is to update as soon as possible.
The severity of the vulnerabilities is high and not merely theoretical: some allow authenticated users with relatively low permissions to run code on the backup server, while others allow an attacker to manipulate files in a repository or escalate privileges on the machine running Veeam. Veeam has documented the fixes and technical details in its knowledge base articles; you can consult them directly in its official vulnerability advisories and on the download pages of the patched versions, such as 12.3.2.4465 and 13.0.1.2067.
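As an added example (not code from the article or from Veeam), the following Python script checks an inventory of Backup & Replication hosts against the fixed builds the article names, 12.3.2.4465 for the 12 branch and 13.0.1.2067 for the 13 branch. The host names and installed builds in the sample inventory are constructed values, not real Veeam builds. The point is the branch-aware comparison: a 13.0.x build is not "patched" just because it is numerically above 12.3.2.4465, and a build from a branch the advisory does not cover gets no verdict at all rather than a misleading one.

```python
"""Branch-aware patch-level check for Veeam Backup & Replication builds.

Added example, not Veeam's code. The only facts taken from the article are the
two fixed builds: 12.3.2.4465 (12 branch) and 13.0.1.2067 (13 branch). Every
host name and installed build below is constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Fixed builds per major branch, exactly as listed in the article.
FIXED_BUILDS: dict[int, tuple[int, ...]] = {
    12: (12, 3, 2, 4465),
    13: (13, 0, 1, 2067),
}


def parse_build(text: str) -> tuple[int, ...]:
    """Turn '12.3.2.4465' into (12, 3, 2, 4465); reject malformed strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass
class Finding:
    host: str
    build: str
    status: str          # "patched", "vulnerable" or "unknown-branch"
    target: str | None   # fixed build the host should be on, when known


def assess(host: str, build_text: str) -> Finding:
    """Compare one installed build with the fixed build of its own branch."""
    build = parse_build(build_text)
    fixed = FIXED_BUILDS.get(build[0])
    if fixed is None:
        # Branches the advisory does not mention (e.g. an 11.x install) get no
        # "patched" label; they need a separate support/end-of-life decision.
        return Finding(host, build_text, "unknown-branch", None)
    target = ".".join(map(str, fixed))
    # Tuple comparison is lexicographic on the four numeric fields, so a later
    # hotfix such as x.y.z.(n+1) on the same branch still counts as patched.
    status = "patched" if build >= fixed else "vulnerable"
    return Finding(host, build_text, status, target)


def assess_inventory(inventory: dict[str, str]) -> list[Finding]:
    """Assess every host, sorted by name so reports are stable run to run."""
    return [assess(host, build) for host, build in sorted(inventory.items())]


# Constructed inventory: hypothetical hosts, builds chosen to exercise each path.
SAMPLE_INVENTORY = {
    "vbr-prod-01": "12.3.2.4465",   # exactly the fixed 12-branch build
    "vbr-prod-02": "12.3.0.1000",   # constructed older 12.x build
    "vbr-lab-01": "13.0.1.2067",    # exactly the fixed 13-branch build
    "vbr-lab-02": "13.0.0.1000",    # constructed older 13.x build
    "vbr-legacy": "11.0.0.1000",    # constructed build on an uncovered branch
}

if __name__ == "__main__":
    for f in assess_inventory(SAMPLE_INVENTORY):
        need = f" (needs {f.target})" if f.status == "vulnerable" else ""
        print(f"{f.host:12} {f.build:14} {f.status}{need}")
```

In practice the inventory dictionary would be filled from whatever source of truth you already have (a CMDB export, or the product version reported by each server), and the "vulnerable" rows are the ones to schedule first; the "unknown-branch" rows are a prompt to check support status rather than a clean bill of health.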

Among the fixed flaws are some that deserve special attention because their CVSS scores are close to 10, which indicates a potentially devastating impact on confidentiality, integrity and availability. These vulnerabilities allow, for example, an authenticated domain user to achieve remote code execution on the backup server, or a user holding a backup viewer role to execute code as the PostgreSQL database user. Issues that enable arbitrary file manipulation in repositories and privilege escalation on Windows installations have also been resolved.
Veeam stresses a point every administrator should keep in mind: once patches are published, experienced attackers commonly analyze them to build exploits aimed at systems that have not yet been updated. That makes unpatched environments very attractive targets and facilitates data encryption and data theft campaigns, as earlier incidents have shown in which backup tools were used to amplify ransomware attacks.
It is not enough to install the patch and forget about it. Before applying updates in production, it is prudent to follow a procedure that includes checking compatibility with other infrastructure components and backing up the configuration of the backup solution itself. After updating, validate that the services start correctly, review the logs for abnormal activity, and monitor the behaviour of the repositories and the machines hosting the Veeam instances.
If you cannot patch right away, there are temporary mitigations that reduce the risk: restrict access to the Backup & Replication services through network segmentation and access controls, keep domain accounts at minimum privilege, audit and limit the roles that can operate on backups, and make sure management credentials are not reused on other systems. These measures do not replace the patch, but they buy time while the update is planned.

Beyond Veeam's own notes, it is worth reviewing general resources and guides on mitigating ransomware and critical vulnerabilities. Agencies such as the United States Cybersecurity and Infrastructure Security Agency (CISA) provide practical guidance on preventing and responding to such threats; its ransomware resource portal is a good starting point: CISA - Stop Ransomware. To verify vulnerabilities and look up additional details and their history, NIST's public NVD repository is another useful reference: NVD - National Vulnerability Database.
If you manage an environment that depends on Veeam, act quickly: download and apply the version recommended by the vendor, review the compatibility documentation and update procedures, and adopt additional access and monitoring controls. The security of the backup infrastructure is not a peripheral matter: it is the last line of defence against a serious attack. For official information and details of the fixes published by Veeam, see the company's website: Additional corrections and notes and the main knowledge base page on these vulnerabilities.