CVE-2025-23114

Published Feb 5, 2025

Last updated a day ago

CVSS critical 9.0

Overview

Description
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.
Source
support@hackerone.com
NVD status
Received

Risk scores

CVSS 3.0

Type
Secondary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7

  1. 🚨 Critical Veeam Vulnerability Alert! 🚨 A new flaw (CVE-2025-23114) allows arbitrary code execution via Man-in-the-Middle attacks. Affects multiple Veeam products with a CVSS score of 9.0/10. Update immediately to secure your systems! 🔐 Read Now: https://t.co/NQ05Wpsjbe

    @cybrhoodsentinl

    5 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-23114 Impacts Veeam Backup #VeeamBackup #CVE-2025-23114 #RCE https://t.co/9ZcNGTNrZE

    @pravin_karthik

    5 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. شناسایی آسیب‌ پذیری بحرانی (CVE-2025-23114) در Veeam Backup #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2025_23114 #Man_in_the_Middle https://t.co/DIRrx4ccmL

    @vulnerbyte

    5 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical vulnerability (CVE-2025-23114, CVSS 9.0) in Veeam products could allow remote code execution via Man-in-the-Middle attacks. Users must act quickly to secure their systems. #Veeam #RemoteAccess #USA link: https://t.co/Pd3kqPT1Ev https://t.co/dULEnqxPd5

    @TweetThreatNews

    5 Feb 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🛑 Security Alert for Veeam Users! CVE-2025-23114 has a CVSS score of 9.0. This new critical Man-in-the-Middle attack could allow hackers to execute arbitrary code on your servers. ✅ Fix is Available! Check out the details here: https://t.co/hCFQUCrZJk

    @TheHackersNews

    5 Feb 2025

    8948 Impressions

    29 Retweets

    49 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Critical Veeam Vulnerability (CVE-2025-23114) ⚠️ Remote Code Execution risk 🔓 Unpatched systems exposed to attackers 🛡️ Urgent patching required Stay ahead of this critical flaw with SOCRadar’s latest analysis. 📖 Read more: https://t.co/IayUY8HEN1 #CyberSecurity #Veeam…

    @socradar

    5 Feb 2025

    140 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. Veeam Backupに重大(Critical)な脆弱性。CVE-2025-23114はCVSSスコア9.0で、遠隔コード実行の脆弱性。アップデート時に中間者攻撃が可能となるもので、潜在的にはroot権限が奪取される可能性。修正済み。 https://t.co/LAblFW2cob

    @__kokumoto

    5 Feb 2025

    1150 Impressions

    5 Retweets

    14 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. Veeam Updaterに存在する脆弱性CVE-2025-23114 CVSS9.0 Critical 攻撃者がMan-in-the-Middle攻撃を利用して、root権限で任意のコードを実行できる可能性があります。影響を受けるのは古いバージョンの Veeam Backup アプライアンス、自動アップデートが有効であれば、基本的には対応不要です。 https://t.co/36rZVMmIL5

    @t_nihonmatsu

    5 Feb 2025

    253 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  9. 🚨🚨CVE-2025-23114 (CVSS: 9) : Critical Veeam Backup Vulnerability Enables Remote Code Execution ⚠️This vulnerability allows attackers to perform a Man-in-the-Middle (MitM) attack, potentially gaining root-level permissions on affected appliance servers. ZoomEye Dork👉app="Veeam

    @zoomeye_team

    5 Feb 2025

    429 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. CVE-2025-23114 (CVSS 9.0): Critical Veeam Backup Vulnerability Enables Remote Code Execution https://t.co/mEsoctNwsH

    @Dinosn

    5 Feb 2025

    6203 Impressions

    47 Retweets

    93 Likes

    43 Bookmarks

    0 Replies

    1 Quote

  11. CVE-2025-23114 A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to … https://t.co/61isNwiuKT

    @CVEnew

    5 Feb 2025

    504 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2025-23114: CRITICAL] Critical vulnerability in Veeam Updater component enables Man-in-the-Middle attacks, allowing execution of malicious code due to TLS certificate validation failure. #CyberSecurity#cybersecurity,#vulnerability https://t.co/Ts3swk9MeH https://t.co/WCQfREh

    @CveFindCom

    5 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-23114 A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions. https://t.co/8j55MknymW @VeeamVanguard @VeeamCommunity #mvpbuzz

    @GoodDealMart

    4 Feb 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-23114 A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions https://t.co/NJDuUEVmy7 @VeeamVanguard @VeeamCommunity #mvpbuzz h

    @SifuSun

    4 Feb 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References