Veeam just dropped a new KB, related to three critical security fixes:
CVE-2025-48983, CVSS v3.1 Score: 9.9:
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
CVE-2025-48984, CVSS v3.1 Score: 9.9:
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Both vulnerabilities only impact domain-joined Veeam Backup & Replication v12.
The vulnerabilities affect Veeam Backup & Replication 12.3.2.3617 and all earlier builds and are fixed in the latest VBR release, 12.3.2.4165, so consider updating as soon as possible.
The third vulnerability is in Veeam Agent for Microsoft Windows.
CVE-2025-48982, CVSS v3.1 Score: 7.3:
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
Consider updating your Veeam Agent for Microsoft Windows to version 6.3.2.1302.