AI description
CVE-2025-23120 is a vulnerability in Veeam Backup & Replication software that allows remote code execution (RCE) by authenticated domain users. It affects version 12.3.0.310 and all earlier version 12 builds. The vulnerability was discovered by Piotr Bazydlo of watchTowr. The vulnerability exists because of uncontrolled deserialization within the Veeam codebase. Specifically, it can be exploited by any user who belongs to the local users group on the Windows host of the Veeam server, or by any domain user if the server is joined to the domain. Veeam has addressed this flaw in Veeam Backup & Replication 12.3.1 (build 12.3.1.1139), and organizations are urged to apply the patch immediately.
- Description
- A vulnerability allowing remote code execution (RCE) for domain users.
- Source
- support@hackerone.com
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
VeeamのVeeam Backup & Replication でリモートコード実行が可能な脆弱性(CVE-2025-23120)が発生しました。パッチはリリースされているので早急な適用をお勧めします。 #セキュリティ対策Lab #セキュリティ #Security https://t.co/3Cxk4ysciC
@securityLab_jp
24 Mar 2025
24 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical patch alert! CVE-2025-23120 in Veeam Backup & Replication allows domain users to execute arbitrary code. High impact, medium probability. Update now to secure your systems! #CVE-2025-23120 #Cybersecurity https://t.co/hx5y5pX8ly
@RedTeamNewsBlog
24 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23120
@transilienceai
23 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Two major vendors just patched remote code execution flaws—update NOW before attackers exploit them. 🔴 Veeam Backup (CVE-2025-23120, 9.9/10) ➡️ Affects v12.3.0.310 & earlier ➡️ Allows RCE by authenticated users ➡️ Fixed in v12.3.1 (12.3.1.1139) 🔴 IBM AIX (CVE-2024-56346 &
@achi_tech
22 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری جدیدی با کد شناسایی CVE-2025-23120 برای محصول Veeam Backup منتشر شده است. نسخه های 12, 12.1, 12.2, 12.3 دارای این آسیب پذیری هستند. برای پیشگیری و مقابله با این تهدید به نسخه 12.3.1 به روز رسانی نمایید. https://t.co/Poz3aKY03t https://t.co/LxuM9PrRTB
@AmirHossein_sec
22 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Veeam製バックアップソフトに重大な脆弱性、至急アップデートを推奨】 Veeamのバックアップ製品に深刻なリモートコード実行(RCE)脆弱性(CVE-2025-23120)が発見されました。攻撃者による遠隔操作が可能なため、最新版への即時更新が推奨されています。 https://t.co/JsqJENT8Zf
@StudySEC_Site
22 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23120
@transilienceai
22 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Update: Veeam and IBM have released patches for critical vulnerabilities in their software. Veeam’s flaw (CVE-2025-23120) allows remote code execution, with a CVSS score of 9.9, affecting versions 12.3.0.310 and earlier.
@fynn_JourX
22 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23120
@transilienceai
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. https://t.co/0acQkeqcaW https:/
@riskigy
21 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam patched the critical CVE-2025-23120 vulnerability in Backup & Replication affecting domain-joined installations. Disclosed recently, it enabled remote code execution. Fixed in version 12.3.1, it allows exploitation by any domain user on impacted setups. #Security https:
@Strivehawk
21 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📰 Latest News: Veeam fixed critical Backup & Replication flaw CVE-2025-23120 More on: https://t.co/kkULnIkU5q https://t.co/qmaTol5zBU
@StudiosClancy
21 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Threat_Research 1. Legacy Driver Exploitation Through Bypassing Certificate Verification https://t.co/iFmmZ8D37f 2. Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) https://t.co/9IZpUK4K4P 3. BMC&C Vulnerabilities https://t.co/5c8ER57kXh
@ksg93rd
21 Mar 2025
59 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Veeam RCE Vulnerability CVE-2025-23120 (CVSS 9.9) allows attackers to execute code remotely in Veeam Backup & Replication. Ransomware gangs often target Veeam — update to version 12.3.1 now to stay protected! https://t.co/4QEzKW1Tr8 #CyberSecurity #RCE #Vulnerabi
@dCypherIO
21 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We constantly stress the need for immutable or offline backups. Backups are targeted by ransomware groups to limit the ability to restore after an attack. CVE-2025-23120 is an RCE for domain joined #Veeam servers, exploitable by any domain user. https://t.co/Fv4GIh7lgc
@ct_is
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We constantly stress the need for immutable or offline backups. Backups are targeted by ransomware groups to limit the ability to restore after an attack. #CVE-2025-23120 is an RCE for domain joined #Veeam servers, exploitable by any domain user. https://t.co/Fv4GIh7lgc
@ct_is
21 Mar 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VeeamのRCEバグによりドメインユーザーがバックアップサーバーをハック可能に、今すぐパッチを適用してください(CVE-2025-23120) https://t.co/9d7xiDJoTI #Security #セキュリティ #ニュース
@SecureShield_
21 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23120
@transilienceai
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Attention IT professionals! A critical RCE vulnerability (CVE-2025-23120) has been found in Veeam's Backup & Replication software, putting domain-joined installations at risk.
@fynn_JourX
21 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-23120 in #Veeam (CVSS 9.9) lets any domain user run remote code via insecure deserialization. Affects v12.3.0.310 & earlier. Patch to 12.3.1.1139 now! 🛡 Detect threats fast with SOCRadar’s #VulnerabilityIntelligence https://t.co/sFIGTnRgip
@socradar
21 Mar 2025
92 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 Veeam fixes critical RCE flaw (CVE-2025-23120, CVSS 9.9) in Backup & Replication software. Affects v12.3.0.310 & earlier. Patch now! 🛠️ IBM also releases security updates. 🔗 More details: https://t.co/sWQvmnQOlI #CyberSecurity #InfoSec https://t.co/sWQvmnQOlI
@SalvadorCloud
21 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 CVE-2025-23120 (CVSS 9.9): Critical RCE in Veeam Backup 🖥️ Affects v12.3.0.310 & earlier. Patch to v12.3.1🚨. #Cybersecurity #Veeam #Cve Read more: https://t.co/GpRX2ZqB6r https://t.co/HIl2z3IJjY
@threatsbank
21 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Veeam Backup & Replication remote code execution (RCE) Vulnerability 🚨 Vulnerability Details: CVE-2025-23120 (CVSS 9.9/10) Veeam Backup & Replication remote code execution (RCE) Vulnerability Impact: A successful exploit malware allow remote co
@CyberxtronTech
21 Mar 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Veeam Backup & Replication remote code execution (RCE) Vulnerability 🚨 Vulnerability Details: CVE-2025-23120 (CVSS 9.9/10) Veeam Backup & Replication remote code execution (RCE) Vulnerability Impact: A successful exploit malware allow remote co
@CyberxtronTech
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE vulnerability (CVE-2025-23120) in Veeam Backup & Replication allows domain users to exploit backup servers. Patch now to secure your systems! 🛡️ #Veeam #DataProtection #USA link: https://t.co/bqibUvdsOi https://t.co/b07eeJMUlF
@TweetThreatNews
21 Mar 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-23120 ⚠️🔴 CRITICAL (9.9) 🏢 Veeam - Backup and Recovery 🏗️ 12.3 🔗 https://t.co/ydTuITplJK #CyberCron #VulnAlert #InfoSec https://t.co/ozA1vuNSbr
@cybercronai
21 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
系统备份软件Veeam Backup出现高危安全漏洞 攻击者可以轻松破坏服务器 Veeam Backup & Replication 存在高危反序列化漏洞(CVE-2025-23120),影响 12.x 旧版本。攻击者可借此访问备份服务器窃取或破坏数据,甚至实施勒索。建议立即升级至 12.3.1.1139 版本修复漏洞。 https://t.co/lHGm4K2O9b
@buaqbot
21 Mar 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 قامت Veeam بتصحيح ثغرة حرجة في برنامج Backup & Replication تُعرف باسم CVE-2025-23120، والتي تسمح لمستخدمي النطاق بتهديد خوادم النسخ الاحتياطي. من المهم تحديث البرنامج على الفور لحماية الأنظمة المتأثرة. https://t.co/1y4ZxYlQk5
@Cybercachear
20 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. https://t.co/3RF32Ujdg0
@BleepinComputer
20 Mar 2025
11395 Impressions
50 Retweets
119 Likes
26 Bookmarks
1 Reply
1 Quote
🚨 Dos grandes proveedores acaban de parchear vulnerabilidades críticas de ejecución remota de código (RCE). 🔴 Veeam Backup (CVE-2025-23120, 9.9/10) ➡️ Afecta a v12.3.0.310 y versiones anteriores ➡️ Permite RCE a usuarios autenticados ➡️ Solucionado en v12.3.1… https://t.
@Cyph3R_CyberSec
20 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam fixed critical Backup & Replication flaw CVE-2025-23120 https://t.co/xeHCfGgNeb
@hackplayers
20 Mar 2025
600 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Veeam has released a critical patch for Backup & Replication, addressing a high-risk RCE vulnerability (CVE-2025-23120). Upgrade to version 12.3.1 to secure systems! 🛡️ #Veeam #RemoteCodeExecution #USA link: https://t.co/gtVmKs4ZU3 https://t.co/LvrugKnTSS
@TweetThreatNews
20 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【また君か】Veeam Backup & Replicationに重大(Critical)な脆弱性。CVE-2025-23120はCVSSスコア9.9で、認証済みドメインユーザー権限での遠隔コード実行が可能。 https://t.co/kgU9Hr6H8g パッチは特定のガジェットをブロックリストに追加するもので、デシリアライゼーションガジェットが
@__kokumoto
20 Mar 2025
1982 Impressions
4 Retweets
27 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-23120 impacts Veeam Backup #VeeamBackup #CVE-2025-23120 https://t.co/nGsdGD6Zkd
@pravin_karthik
20 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-23120: CRITICAL] A vulnerability allowing remote code execution (RCE) for domain users.#cybersecurity,#vulnerability https://t.co/3dKAxVFUrn https://t.co/zYOHhjJKEd
@CveFindCom
20 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two major vendors just patched remote code execution flaws—update NOW before attackers exploit them. 🔴 Veeam Backup (CVE-2025-23120, 9.9/10) ➡️ Affects v12.3.0.310 & earlier ➡️ Allows RCE by authenticated users ➡️ Fixed in v12.3.1 (12.3.1.1139) 🔴 IBM AIX (CVE-2024-56346 &
@TheHackersNews
20 Mar 2025
13248 Impressions
59 Retweets
121 Likes
17 Bookmarks
0 Replies
1 Quote
🚨 A critical vulnerability (CVE-2025-23120) with a CVSS score of 9.9 in Veeam Backup & Replication allows remote code execution. Upgrade to version 12.3.1 to stay safe! #Veeam #RemoteCodeExecution #USA link: https://t.co/vEJA54vvz7 https://t.co/6PTwAY1Y7e
@TweetThreatNews
20 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE vulnerability (CVE-2025-23120) in Veeam Backup & Replication could be exploited by authenticated users with a CVSS score of 9.9. Patch to version 12.3.1 is essential. ⚠️ #Veeam #DataSecurity #USA link: https://t.co/zdsMtNTBXs https://t.co/BcB601w4D9
@TweetThreatNews
20 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23120 (CVSS 9.9): Critical RCE Vulnerability Discovered in Veeam Backup & Replication https://t.co/dJyY95NTmE
@Dinosn
20 Mar 2025
2367 Impressions
5 Retweets
25 Likes
6 Bookmarks
0 Replies
1 Quote
🚨 Domain-Level RCE in Veeam Backup & Replication (#CVE-2025-23120) https://t.co/ONeRzqZBFl Educational Purposes!
@UndercodeUpdate
20 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) https://t.co/sPb8BinMHj
@Dinosn
20 Mar 2025
2408 Impressions
4 Retweets
24 Likes
6 Bookmarks
0 Replies
0 Quotes
The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. https://t.co/h162duI
@watchtowrcyber
20 Mar 2025
15781 Impressions
46 Retweets
152 Likes
37 Bookmarks
4 Replies
4 Quotes
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) - watchTowr Labs https://t.co/nXqe0AlTxn https://t.co/a3SUKYlCYI
@secharvesterx
20 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23120 (CVSS 9.9): Critical RCE Vulnerability Discovered in Veeam Backup & Replication Learn about CVE-2025-23120, a critical vulnerability in Veeam Backup & Replication with severe implications for enterprises. https://t.co/TbfrRI70b6
@the_yellow_fall
20 Mar 2025
1075 Impressions
2 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes