Veeam released the new version of Backup and Replication software 12.3.1.1139, which includes new features and addresses major security vulnerabilities.
First is CVE-2025-23120 with the critical severity level (9.9 score) – A vulnerability allowing remote code execution (RCE) by authenticated domain users.
This vulnerability only affects domain-joined backup servers, which is against best practices, by the way.
This issue affects Veeam Backup & Replication 12.3.0.310 and all earlier v12 builds. Consider updating ASAP.
Now let’s move to the new features and fixes. I will not show everything, because the list is too big, but I will point out a few I really love.
Platform support:
VMware vSphere 9.0 readiness. The official support will be confirmed with the full testing of the GA build when it becomes available. This means that after vSphere 9.0 is out, it is better to wait for Veeam to officially support this release before upgrading the vSphere environment.
Nutanix AHV – Removed the experimental support designation for malware detection, guest file indexing, and application-aware processing, except database log file shipping, which will still be considered experimental.
Proxmox VE – Updated ProxmoxVE plug-in enables the usage of non-root users to register Proxmox, support for Open vSwitch (OVS) networking, Object Storage API (SOSAPI), Nested Pools for backup jobs scope, and brings further backup performance improvements.
Enhancements:
One I really love for vSphere is – Instant VM Recovery engine improvements deliver a 5x increased number of simultaneous instant VM recoveries: up to 1000 VMs per backup server and up to 200 VMs per vPowerNFS server.
TLS connection support for the PostgreSQL configuration database has been added for improved security when hosting the database on an external server.
New ISO-based update distribution reduces downtime by accelerating update installation and eliminates the additional disk space requirement on the backup server, which was previously needed for unpacking the update before its installation.
New REST API capabilities include changing existing password records, rescanning all backup repository types, downloading metadata for Unstructured Data backups, and performing backup deletion.
New PowerShell capabilities include connection to Veeam Vaults, querying, and restoring protected Microsoft Entra ID conditional access policies.
There are more than 40 additional features, enhancements, and resolved issues, make sure you read the corresponding KB.
In addition, consider updating ASAP if CVE-2025-23120 addresses your installation.
