CVE-2025-23114: Critical Vulnerability in Veeam Updater Component

In February 2025, a critical security flaw identified as CVE-2025-23114 was discovered in Veeam’s Updater component. This vulnerability allows attackers to perform Man-in-the-Middle (MitM) attacks, enabling the execution of arbitrary code with root-level permissions on affected servers. The issue arises from improper TLS certificate validation during update processes.

Affected Products:

  • Veeam Backup for Salesforce: Versions 3.1 and earlier.

  • Veeam Backup for Nutanix AHV: Versions 5.0 and 5.1.

  • Veeam Backup for AWS: Versions 6a and 7.

  • Veeam Backup for Microsoft Azure: Versions 5a and 6.

  • Veeam Backup for Google Cloud: Versions 4 and 5.

  • Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization: Versions 3, 4.0, and 4.1.

Veeam has addressed this vulnerability by releasing updates to the Veeam Updater component. Users are strongly advised to update their systems promptly to the latest versions to mitigate potential security risks.

Veeam Backup Vulnerability

Critical Veeam Backup Vulnerability Lets Attackers Execute Arbitrary Code to Gain Root Access

Ravi Jain
A critical vulnerability (CVE-2025-23114) in the Veeam Updater component allows attackers to execute arbitrary code and gain root access on affected servers via Man-in-the-Middle attacks. Multiple older Veeam Backup products are vulnerable, but patches are available. The vulnerability exploits insecure communication channels during software updates, enabling malicious code injection. Veeam has released updated versions and recommends applying patches, monitoring network traffic, and isolating backup appliances. A cybersecurity firm, Technijian, offers services to help organizations assess and mitigate this risk. ... Read More