Recently, Veeam has rolled out updates to fix a severe security vulnerability affecting its Backup application, which might enable a malicious actor to run unauthorized code on vulnerable systems.
Recently, Veeam has rolled out updates to fix a severe security vulnerability affecting its Backup application, which might enable a malicious actor to run unauthorized code on vulnerable systems. This flaw, identified as CVE-2025-23114, has been assigned a CVSS score of 9.0 out of 10.0. It is related to an issue in the Veeam Updater module, permitting a threat actor to execute unauthorized code using a Man-in-the-Middle attack.
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
