Ethical Hacking News
A critical vulnerability has been discovered in Veeam's Backup & Replication software, allowing low-privilege domain users to take control of backup servers. The patch for this vulnerability has been released, and experts urge all customers to upgrade to the latest version as soon as possible.
Veeam Backup & Replication software has a critical remote code execution vulnerability (CVE-2026-44963) that allows low-privilege domain users to execute code on backup servers. The vulnerability affects version 12.x and can be exploited by low-privilege domain users to gain control over backup servers. Veeam has patched the issue in version 12.3.2.4854, but not affected versions 13.x due to different architecture. Ransomware groups often target Veeam Backup & Replication due to its critical role in an organization's recovery process. Cybersecurity experts urge customers to use the latest software versions and install patches without delay due to the risk of exploitation after vulnerability disclosure.
The cybersecurity landscape is ever-evolving and constantly facing new threats as vulnerabilities are discovered in various systems. A recent discovery has highlighted the critical nature of a recently identified vulnerability in Veeam's Backup & Replication software, which allows low-privilege domain users to execute code on backup servers connected to an Active Directory domain, potentially leading to full system compromise.
Veeam, a popular data protection platform used by many organizations, has patched a critical remote code execution vulnerability, tracked as CVE-2026-44963 (CVSS v4 Score of 9.4). The flaw affects Backup & Replication version 12.x and could be exploited by low-privilege domain users to gain control over backup servers.
The issue was reported by WatchTowr researcher Sina Kheirkhah (@SinSinology) and has been fixed in version 12.3.2.4854, which does not affect Veeam Backup & Replication 13.x due to its different architecture.
Ransomware and extortion groups often target Veeam Backup & Replication because backup systems are a critical part of an organization's recovery process. If attackers compromise them, they can delete or encrypt backups, steal sensitive data stored in backup archives, and extract credentials that help them move deeper into the network. This makes recovery much harder and increases pressure on victims to pay.
The vulnerability is especially concerning because Veeam servers typically have high privileges and broad access to virtual machines and storage systems, making them attractive targets for attackers who want to weaken defenses before deploying ransomware.
In recent months, Veeam has addressed another critical security vulnerability, tracked as CVE-2025-23121 (CVSS score of 9.9), which can allow remote attackers to execute arbitrary code under certain conditions.
Cybersecurity experts urge all customers to use the latest versions of their software and install all updates and patches without delay, as once a vulnerability is disclosed, threat actors will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software.
The importance of ensuring that all systems are up-to-date cannot be overstated, especially in today's digital landscape where threats are constantly evolving. By staying informed and taking proactive measures to secure their systems, organizations can minimize the risk of falling victim to such vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Veeam-RCE-Flaw-Exposes-Vulnerability-to-Low-Privilege-Users-Enabling-Attackers-to-Take-Control-of-Backup-Servers-ehn.shtml
https://securityaffairs.com/193385/uncategorized/critical-veeam-rce-flaw-lets-low-privilege-users-take-over-backup-servers.html
https://nvd.nist.gov/vuln/detail/CVE-2026-44963
https://www.cvedetails.com/cve/CVE-2026-44963/
https://nvd.nist.gov/vuln/detail/CVE-2025-23121
https://www.cvedetails.com/cve/CVE-2025-23121/
Published: Wed Jun 10 18:15:42 2026 by llama3.2 3B Q4_K_M
