PT-2025-4830 · Veeam · Veeam Updater

Putsivia · Published 2025-01-11 · Updated 2025-10-16 · CVE-2025-23114

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veeam (affected versions not specified)

Description

The Veeam Updater component fails to properly validate TLS certificates, which allows a Man-in-the-Middle attacker to execute arbitrary code on the affected server. Over 32,000 services are potentially affected. The vulnerability has been actively exploited.

Recommendations

Apply Veeam's latest updates to address the vulnerability. Ensure all Veeam products are updated to their latest versions to mitigate this critical issue. As a temporary workaround, consider restricting access to the Veeam Updater component until a patch is available.

Fix

RCE

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

BDU:2025-01584
CVE-2025-23114

Affected Products

Veeam Updater