FlagThis

Veeam has released a patch to address a high-risk Server-Side Request Forgery (SSRF) vulnerability in its Backup for Microsoft Azure product. This flaw, identified as CVE-2025-23082, allows attackers to send unauthorized requests from the system, potentially leading to network enumeration and other malicious activities. The vulnerability has been assigned a CVSS score of 7.2, indicating a high level of severity. The issue affects all versions of Veeam Backup for Microsoft Azure up to and including version 7.1.0.22.

The SSRF vulnerability was discovered during internal testing and highlights the risks associated with cloud-based backup solutions. An attacker could exploit this flaw to make the server perform unintended actions, gathering information about the internal network or even launching further attacks. Users are strongly advised to upgrade to version 7.1.0.59 or later, where the vulnerability has been addressed, to mitigate the potential risk of exploitation. This incident underscores the critical importance of consistent patch management and proactive security measures.

ImgSrc: securityonline.

References :

• gbhackers.com: GBHackers reports Veeam Azure Backup SSRF vulnerability.
• securityonline.info: SecurityOnline covers Veeam releasing a patch for High-Risk SSRF Vulnerability.
• www.veeam.com: Veeam security advisory on CVE-2025-23082
• gbhackers.com: Veeam Azure Backup Vulnerability Allows Attackers to Utilize SSRF & Send Unauthorized Requests /vulnerability
• securityonline.info: Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Classification:

• HashTags: #Veeam #Azure #SSRF
• Company: Veeam
• Target: Veeam Azure Backup users
• Product: Veeam Azure Backup
• Feature: SSRF
• Type: Vulnerability
• Severity: Major