Veeam and BeyondTrust have released security patches addressing multiple vulnerabilities that could allow attackers to execute arbitrary code. Users are advised to update their systems promptly to prevent potential exploitation by threat actors. #BeyondTrustCVEs #VeeamSecurityFixes
Keypoints
- BeyondTrust fixed a high-severity server-side template injection vulnerability in its Remote Support and Privileged Remote Access products.
- The CVE-2025-5309 flaw allows remote code execution through unescaped input in the chat feature without authentication.
- Veeam released updates for its Backup & Replication software addressing critical and high-severity vulnerabilities.
- The CVE-2025-23121 vulnerability enables authenticated domain users to execute arbitrary code on the Backup Server.
- Threat actors have been observed exploiting these vulnerabilities, highlighting the urgency to apply patches.
Read More: https://www.securityweek.com/code-execution-vulnerabilities-patched-in-veeam-beyondtrust-products/