Summary: A critical vulnerability (CVE-2025-23114, CVSS 9.0) has been identified in the Veeam Updater component. It affects multiple Veeam backup and replication products and allows potential root-level access via Man-in-the-Middle attacks. Users are urged to update their systems immediately to mitigate the risk of exploitation. Veeam has provided updates to address this vulnerability in the affected product versions.
Affected: Veeam Backup and Replication Products
Key points:
- The vulnerability lets attackers use Man-in-the-Middle attacks to gain root access to affected appliances.
- Affects multiple Veeam products, including Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, and Oracle Linux Virtualization Manager.
- Immediate updates through the built-in Veeam Updater are recommended to secure systems from exploitation.