
Organizations using Veeam Backup & Replication must address a significant security issue immediately. A third critical remote code execution (RCE) vulnerability has been identified and patched this year in the widely used software. This latest flaw, which carries a CVSS score of 9.9, affects the Veeam Backup Enterprise Manager component.
The vulnerability allows an unauthenticated attacker to execute arbitrary code remotely on the system where the Enterprise Manager is installed. This could lead to a complete compromise of the backup infrastructure, jeopardizing the integrity and availability of critical data backups. Exploitation is possible over the network without any user interaction or credentials.
Given the severity and potential impact, it is imperative that all users running affected versions of Veeam Backup & Replication apply the released patch without delay. This represents the third critical RCE vulnerability patched in this product line within the current year, highlighting the importance of staying current with security updates.
Administrators should determine whether they are running the Veeam Backup Enterprise Manager component and, if so, confirm their version and apply the update provided by the vendor. Immediate action is required to mitigate the significant risk posed by this newly disclosed flaw and protect backup systems from compromise.
Source: https://go.theregister.com/feed/www.theregister.com/2025/06/18/veeam_fixes_third_critical_rce/