
Veeam has issued critical security patches addressing a severe vulnerability (CVE-2025-23114) in its Backup software suite. The flaw, rated 9.0 out of 10.0 on the CVSS scale, could enable attackers to execute arbitrary code through Man-in-the-Middle attacks, potentially gaining root-level access to affected systems.

Affected Products:
– Veeam Backup for Salesforce (3.1 and older)
– Veeam Backup for Nutanix AHV (5.0, 5.1)
– Veeam Backup for AWS (6a, 7)
– Veeam Backup for Microsoft Azure (5a, 6)
– Veeam Backup for Google Cloud (4, 5)
– Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization (3, 4.0, 4.1)

Updated Versions with Patches:
– Salesforce: Updater version 7.9.0.1124
– Nutanix AHV: Updater version 9.0.0.1125
– AWS: Updater version 9.0.0.1126
– Microsoft Azure: Updater version 9.0.0.1128
– Google Cloud: Updater version 9.0.0.1128
– Oracle Linux VM/Red Hat: Updater version 9.0.0.1127

Note: Veeam Backup & Replication deployments not protecting AWS, Google Cloud, Microsoft Azure, Nutanix AHV, or Oracle Linux VM/Red Hat Virtualization are unaffected by this vulnerability.