Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Veeam Updater
Alerts

Critical Vulnerability in Veeam Updater

6 February 2025

Veeam has released security updates to address a critical vulnerability (CVE-2025-23114) affecting the Veeam Updater component.

Successful exploitation of the remote code execution vulnerability could allow an attacker to leverage man-in-the-middle attacks to execute arbitrary code on the vulnerable device with root privileges.

The vulnerability affects the following products:

  • Veeam Backup for Salesforce versions 3.1 and older

  • Veeam Backup for Nutanix AHV versions 5.0 and 5.1

  • Veeam Backup for AWS versions 6a and 7

  • Veeam Backup for Microsoft Azure versions 5a and 6

  • Veeam Backup for Google Cloud versions 4 and 5

  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization versions 3, 4.0 and 4.1

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2025-23114

https://www.veeam.com/kb4712

https://www.scworld.com/brief/veeam-updater-receives-update-for-critical-rce-flaw


Back to top