PT-2025-41891 · Veeam · Veeam Agent For Microsoft Windows+1
Published: 2025-10-14 · Updated: 2026-03-04
CVE-2025-48983
CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Veeam Agent for Microsoft Windows (affected versions not specified)
Veeam Backup & Replication (affected versions not specified)
Description
A critical vulnerability exists in the Mount service of Veeam Backup & Replication and Veeam Agent for Microsoft Windows. It allows an authenticated domain user to execute arbitrary code remotely on the backup infrastructure hosts. The vulnerability stems from insufficient input validation and inadequate access control within the Mount service. Successful exploitation results in remote code execution (RCE) on the affected system. Some reports indicate that installing version 12.3.2.4165 can cause issues with existing protection groups and data mover functionality, resulting in backup failures and errors related to S3 bucket access.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Improper Access Control
Affected Products
Veeam Agent For Microsoft Windows
Veeam Backup & Replication