
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jun 2025 — A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobManagmentService component. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in... • https://www.veeam.com/kb4743 • CWE-269: Improper Privilege Management •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jun 2025 — A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user • https://www.veeam.com/kb4743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Mar 2025 — A vulnerability allowing remote code execution (RCE) for domain users. • https://www.veeam.com/kb4724 • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. • https://www.veeam.com/kb4649 • CWE-295: Improper Certificate Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. • https://www.veeam.com/kb4649 • CWE-862: Missing Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. • https://www.veeam.com/kb4649 • CWE-287: Improper Authentication •

CVSS: 10.0 • EPSS: 56% • CPEs: 1 • EXPL: 4

07 Sep 2024 — A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. • https://packetstorm.news/files/id/181539 • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. • https://www.veeam.com/kb4649 • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Sep 2024 — An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. • https://www.veeam.com/kb4649 •