CVE-2025-23120

High CVSS: 8.8

A vulnerability allowing remote code execution (RCE) for domain users.

Vendor

Product

CWE

Yayın Tarihi

2025-03-20 16:15:16

Güncelleme

2025-04-02 16:01:20

Source Identifier

support@hackerone.com

KEV Date Added

CWE-502 Veeam Backup \& Replication HIGH Veeam 2025

https://www.veeam.com/kb4724 https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

Critical

CVE-2026-21666

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Critical

CVE-2026-21667

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

High

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup…

Critical

CVE-2026-21669

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

High

CVE-2026-21670

A vulnerability allowing a low-privileged user to extract saved SSH credentials.

Critical

CVE-2026-21671

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE)…