CVE-2025-23114

Severity Score

9.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

*Credits: N/A

CVSS Scores

HackerOnev3 9.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-01-11 CVE Reserved
2025-02-05 CVE Published
2025-02-05 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source
https://www.veeam.com/kb4712

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Veeam Search vendor "Veeam"		Backup For AWS Search vendor "Veeam" for product "Backup For AWS"				7.0 Search vendor "Veeam" for product "Backup For AWS" and version "7.0"		en		Affected
Veeam Search vendor "Veeam"		Backup For Microsoft Azure Search vendor "Veeam" for product "Backup For Microsoft Azure"				6.0 Search vendor "Veeam" for product "Backup For Microsoft Azure" and version "6.0"		en		Affected
Veeam Search vendor "Veeam"		Backup For Google Cloud Search vendor "Veeam" for product "Backup For Google Cloud"				5.0 Search vendor "Veeam" for product "Backup For Google Cloud" and version "5.0"		en		Affected
Veeam Search vendor "Veeam"		Backup For Nutanix AHV Search vendor "Veeam" for product "Backup For Nutanix AHV"				5.1 Search vendor "Veeam" for product "Backup For Nutanix AHV" and version "5.1"		en		Affected
Veeam Search vendor "Veeam"		Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization Search vendor "Veeam" for product "Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization"				4.1 Search vendor "Veeam" for product "Backup For Oracle Linux Virtualization Manager And Red Hat Virtualization" and version "4.1"		en		Affected
Veeam Search vendor "Veeam"		Backup For Salesforce Search vendor "Veeam" for product "Backup For Salesforce"				3.1 Search vendor "Veeam" for product "Backup For Salesforce" and version "3.1"		en		Affected