CVE-2025-23114

Summary

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

Affected Software

VendorProductVersion RangeStatus
VeeamBackup for AWS7.0 <= 7.0affected
VeeamBackup for Microsoft Azure6.0 <= 6.0affected
VeeamBackup for Google Cloud5.0 <= 5.0affected
VeeamBackup for Nutanix AHV5.1 <= 5.1affected
VeeamBackup for Oracle Linux Virtualization Manager and Red Hat Virtualization4.1 <= 4.1affected
VeeamBackup for Salesforce3.1 <= 3.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References