
Veeam RCE vulnerability

Attention Veeam users!

Any domain user could hack backup servers!

A remote code execution vulnerability in Veeam Backup & Replication software could allow any domain user to compromise backup servers with SYSTEM privileges.

Are you prepared for cyber threats?

With modern protection mechanisms, the right strategy and managed security services such as the DEFENDERBOX, the risk can be minimized considerably. Digital security must become a priority - because attackers are already using the latest technologies. It's time to be one step ahead of them! Protect your company!

Security mechanism fails

The vulnerability, labeled CVE-2025-23120, affects Veeam Backup & Replication 12.3.0.310 and all previous builds of version 12 and shows that blacklist-based security mechanisms continue to fail in enterprise environments.

According to the watchTowr Labs report, the vulnerabilities stem from flawed deserialization mechanisms in Veeam's backup solution, allowing attackers to escalate privileges and potentially compromise critical backup infrastructures.

Most worrisome is the authentication barrier: any user belonging to the "Local Users" group on a Windows host running Veeam, or any domain user if the server is connected to Active Directory, can exploit these vulnerabilities.

Million-dollar losses and copycats

The security flaws stem from Veeam's implementation of a blacklist-based protection mechanism for the .NET BinaryFormatter deserialization process.

The researchers identified two different gadget chains (WT-2025-0014 and WT-2025-0015) that bypass these protective mechanisms.
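
To illustrate why a blacklist falls short here, the following added example (not code from Veeam or watchTowr) contrasts a default-allow and a default-deny `SerializationBinder`. All `Contoso.*` type names and the `RestoreJob` class are constructed placeholders, and a current .NET SDK with nullable reference types enabled is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Serialization;

// Default-allow: rejects only the type names someone already thought to list.
sealed class DenylistBinder : SerializationBinder
{
    // Constructed placeholder name, not a real gadget class.
    static readonly HashSet<string> Blocked = new() { "Contoso.Legacy.KnownDangerousType" };
    public override Type? BindToType(string assemblyName, string typeName)
    {
        if (Blocked.Contains(typeName))
            throw new SerializationException($"Blocked type: {typeName}");
        return null; // null tells the formatter to resolve the type itself
    }
}

// Default-deny: resolves only the types the application expects to receive.
sealed class AllowlistBinder : SerializationBinder
{
    static readonly Dictionary<string, Type> Allowed = new()
    {
        ["Contoso.Backup.RestoreJob"] = typeof(RestoreJob),
    };
    public override Type? BindToType(string assemblyName, string typeName)
    {
        if (Allowed.TryGetValue(typeName, out var type))
            return type;
        // Throw rather than return null, which would fall back to default resolution.
        throw new SerializationException($"Type not allowed: {typeName}");
    }
}

sealed class RestoreJob { } // hypothetical application type

static class Demo
{
    static string Check(SerializationBinder binder, string typeName)
    {
        try { binder.BindToType("Contoso", typeName); return "accepted"; }
        catch (SerializationException) { return "rejected"; }
    }
    static void Main()
    {
        // Constructed type names as they would appear in a serialized stream.
        var names = new[] { "Contoso.Backup.RestoreJob", "Contoso.Legacy.KnownDangerousType",
                            "Contoso.Plugins.NotYetReviewedType" };
        foreach (var n in names)
            Console.WriteLine($"{n}: denylist={Check(new DenylistBinder(), n)}, allowlist={Check(new AllowlistBinder(), n)}");
    }
}
```

The denylist binder accepts the unreviewed type simply because nobody listed it. Microsoft's guidance is that BinaryFormatter should not process untrusted input at all, so an allowlist narrows exposure rather than making the formatter safe.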

How vulnerable is your company really?

Find out - with the DEFENDERBOX.
