VDB
CVE-2025-23114
CVE-2025-23114
PUBLISHED
CVSS 9 CRITICAL
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.
EPSS 0.46% · 64.6th percentile
Risk Scores
CVSS 3.0
9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.46%
64.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veeam | Backup for Nutanix AHV | 5.1 |
| Veeam | Backup for Salesforce | 3.1 |
| Veeam | Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization | 4.1 |
| Veeam | Backup for AWS | 7.0 |
| Veeam | Backup for Google Cloud | 5.0 |
| Veeam | Veeam Backup | |
| Veeam | Backup for Microsoft Azure | 6.0 |
Timeline
- Jan 11, 2025 CVE ID Reserved
- Feb 5, 2025 EPSS Score
- Feb 5, 2025 CVE Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published
- Feb 5, 2025 PoC Published