
Veeam, a developer of backup and data replication software, has released version 12.3.1.1139 of Veeam Backup & Replication to address a critical vulnerability in earlier builds. The flaw gives an attacker who can authenticate to the backup server a path to remote code execution on it.
The vulnerability, designated CVE-2025-23120, was reported by watchTowr Labs and affects build 12.3.0.310 and all earlier 12.x builds of Veeam Backup & Replication. The root cause is insecure deserialization in Veeam components. Such flaws arise when an application deserializes attacker-supplied data without strictly restricting which types may be reconstructed: an attacker who can supply a serialized object of a type whose deserialization logic has dangerous side effects (a "gadget") can chain those side effects into code execution, and a type filter is only as good as its ability to exclude every such gadget.
The practical exposure comes from domain membership. Veeam's advisory states that the vulnerability is exploitable by authenticated domain users and affects domain-joined backup servers only, which Veeam's own security best practices advise against. In many enterprise environments the backup server is nonetheless joined to the corporate Active Directory domain, which means any compromised domain account, not just a backup administrator, is enough to reach the vulnerable code path.
Exploiting this flaw, an attacker with a foothold in the domain could take over the backup server, exfiltrate backup data, and delete or encrypt the backups before deploying ransomware across the environment, leaving the victim with nothing to restore from. Ransomware groups have explicitly stated in the past that Veeam Backup & Replication servers are prime targets for exactly this reason.
As of now, there is no confirmed evidence of active exploitation of this newly disclosed vulnerability. However, given that watchTowr Labs has already published detailed technical insights, the emergence of proof-of-concept (PoC) exploits is expected imminently.
If your organization runs Veeam Backup & Replication 12.x, upgrade to build 12.3.1.1139 or later now rather than after an incident; the cost of losing the backup tier during a ransomware attack is far higher than the cost of the maintenance window. If patching must be scheduled, reduce exposure in the meantime by limiting who can authenticate to the backup server, which in practice means following Veeam's guidance to keep it off the domain or in a dedicated management forest with tightly controlled accounts.
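A quick way to triage exposure on a backup server, as an added example that is not part of the original article and not Veeam's own tooling: the script below reads the installed Veeam Backup & Replication build, compares it with the fixed build 12.3.1.1139, and reports whether the host is domain-joined, the condition under which CVE-2025-23120 is reachable by any authenticated domain user. The registry locations it reads (the standard Windows Uninstall keys and the CorePath value under HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication) and the fallback to the file version of Veeam.Backup.Core.dll are assumptions about a default installation; run it in an elevated PowerShell session on the backup server itself.

```powershell
# Added example (not from the article or from Veeam): report whether this host
# runs a Veeam Backup & Replication build older than the fixed 12.3.1.1139 and
# whether it is domain-joined. Assumes a default Windows installation.

$FixedBuild = [version]'12.3.1.1139'

function Get-VeeamBRVersion {
    # Assumption: the product registers under the standard Uninstall keys with a
    # DisplayName starting "Veeam Backup & Replication". If that is missing,
    # fall back to the file version of Veeam.Backup.Core.dll, which is the
    # build number the console shows under Help > About.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' } |
        Select-Object -First 1
    if ($entry -and $entry.DisplayVersion) {
        return [version]$entry.DisplayVersion
    }

    # Assumption: CorePath points at the directory holding the core assemblies.
    $core = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication' `
        -ErrorAction SilentlyContinue
    if ($core -and $core.CorePath) {
        $dll = Join-Path $core.CorePath 'Veeam.Backup.Core.dll'
        if (Test-Path $dll) {
            return [version](Get-Item $dll).VersionInfo.FileVersion
        }
    }
    return $null
}

function Test-VeeamExposure {
    $ver = Get-VeeamBRVersion
    $domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    $unpatched = ($null -ne $ver) -and ($ver -lt $FixedBuild)

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        InstalledBuild = if ($ver) { $ver.ToString() } else { 'not found' }
        FixedBuild     = $FixedBuild.ToString()
        DomainJoined   = $domainJoined
        Unpatched      = $unpatched
        # Exposure is highest when both conditions hold: an unpatched build on a
        # domain-joined host is reachable by any authenticated domain user.
        Exploitable    = $unpatched -and $domainJoined
    }
}

Test-VeeamExposure | Format-List
```

A host that reports Unpatched but not DomainJoined still needs the update; the domain check only tells you whether the exposure is the broad "any domain user" case described by Veeam or the narrower case of an attacker who already holds backup-server credentials. Unsupported 11.x installs will show as Unpatched as well, which is the correct answer for them: they should be migrated to a supported, fixed 12.x build.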