A new version of Veeam Backup & Replication was released with the build number 12.3.2.3617.
First and foremost, this release includes security fixes for VBR server:
CVE-2025-23121 – CVSS v3.0 Score: 9.9, “A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.”
This vulnerability affects only domain-joined backup servers, so if your VBR server is part of a domain, please consider updating it as soon as possible.
One excellent article to read is “Workgroup or Domain” in the Veeam Best Practices guide.
CVE-2025-24286 – CVSS v3.1 Score: 7.2, “A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.”
And one security fix for Veeam Agent:
CVE-2025-24287 – CVSS v3.1 Score: 6.1, “A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.”
In addition to security fixes, this release resolved several issues and added support for new modern Linux distros, including recently released RHEL 10 and RHEL-like Oracle Linux 10 and Rocky Linux 10, Ubuntu 25.04, and Debian 12.10/11.
