FlagThis - #patchmanagement

A number of critical security vulnerabilities have been identified and addressed in several software products, highlighting the persistent need for vigilance and timely updates. One of the most severe issues is a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-23121, in Veeam Backup & Replication. This flaw, which received a CVSS score of 9.9, allows an authenticated domain user to execute code remotely on the Backup Server, specifically impacting domain-joined backup servers. Veeam has released security updates to fix this and other vulnerabilities, urging users to upgrade to the latest version, 12.3.2 (build 12.3.2.3617), as soon as possible.

Affected products include Veeam Backup & Replication versions 12, 12.1, 12.2, 12.3, and 12.3.1, along with Veeam Agent for Microsoft Windows versions 6.0, 6.1, 6.2, 6.3, and 6.3.1. In addition to the critical RCE in Veeam, a high severity Arbitrary Code Execution (ACE) vulnerability (CVE-2025-24286) in Veeam Backup & Replication was also addressed, allowing an authenticated user with the Backup Operator role to modify backup jobs, potentially leading to arbitrary code execution. Further more, a medium severity local privilege escalation bug (CVE-2025-24287) was identified affecting the Windows Veeam agent, which allows local system users to execute arbitrary code with elevated permissions by modifying specific directory contents.

Users are strongly advised to update their software to the latest versions to mitigate the risks associated with these vulnerabilities. For Veeam users, it is recommended to implement best practices provided by the vendor, such as using a separate management workgroup or domain for Veeam components. The discovery of an undocumented root shell access (CVE-2025-26412) in the SIMCom SIM7600G modem, highlighting the dangers of backdoors and undocumented features in embedded devices. Furthermore, a critical vulnerability (CVE-2025-3464) in Asus Armoury Crate allows attackers to gain SYSTEM privileges via hard link manipulation, advising users to update or disable the software.


References :

• cert.europa.eu: On June 17, 2025, Veeam released an advisory addressing several vulnerabilities in Veeam Backup & Replication, one of which is rated as critical. It is recommended updating as soon as possible.
• research.kudelskisecurity.com: Summary On June 1 7, data resilience vendor Veeam released security updates to fix three vulnerabilities: one critical severity RCE and one high severity ACE
• The Register - Security: Veeam patches third critical RCE bug in Backup & Replication in space of a year
• securityaffairs.com: Veeam addressed a new critical flaw in Backup & Replication product that could potentially result in remote code execution.
• www.cybersecuritydive.com: Researchers urge vigilance as Veeam releases patch to address critical flaw
• Security Risk Advisors: Critical Remote Code Execution Vulnerability Patched in Veeam Backup & Replication 12.3.2
• research.kudelskisecurity.com: Veeam Backup & Replication: Critical RCE Patched
• www.veeam.com: Critical Remote Code Execution Vulnerability Patched in Veeam Backup & Replication 12.3.2 . CVE-2025-23121 & CVE-2025-24286 & CVE-2025-24287 The post appeared first on .
• Blog: On June 17, Veeam released , tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287. The fixes were applied in and .
• The Hacker News: Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
• thecyberexpress.com: This article discusses various vulnerabilities and recommends applying patches.
• www.veeam.com: Veeam KB 4696

Classification:

• HashTags: #Vulnerability #PatchManagement #SoftwareSecurity
• Target: Users of Affected Software
• Product: Veeam Backup & Replication, ONLYOFFICE Docs, SIMCom SIM7600G Modem, Asus Armoury Crate
• Type: Vulnerability
• Severity: Critical