VDB

CVE-2025-23114

CVE-2025-23114 PUBLISHED CVSS 9 CRITICAL

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

EPSS 0.46% · 64.6th percentile

Risk Scores

CVSS 3.0
9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.46%
64.6th percentile

Affected Products

VendorProductVersions
VeeamBackup for Nutanix AHV5.1
VeeamBackup for Salesforce3.1
VeeamBackup for Oracle Linux Virtualization Manager and Red Hat Virtualization4.1
VeeamBackup for AWS7.0
VeeamBackup for Google Cloud5.0
VeeamVeeam Backup
VeeamBackup for Microsoft Azure6.0

Timeline

  • Jan 11, 2025 CVE ID Reserved
  • Feb 5, 2025 EPSS Score
  • Feb 5, 2025 CVE Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
  • Feb 5, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›