Veeam Critical Vulnerability - 20241205001

Overview

A vulnerability within the Veeam Updater component that allows an attacker to utilise a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions.

What is vulnerable?

Product(s) Affected	Version(s)	CVE #	CVSS v4/v3	Severity
Veeam Backup for Salesforce	\<= 3.1	CVE-2025-23114	9.0	Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Veeam:https://www.veeam.com/kb4712

3rd Party Article(s):

• The Hacker News: https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html