veeam software ag

Top products

The 15 most recently published vulnerabilities affecting veeam software ag.

• CVE-2026-21671A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.9.1Mar 12, 2026
• CVE-2026-21669A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2026-21667A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2026-21666A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.9.9Mar 12, 2026
• CVE-2025-48983A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.9.9Oct 30, 2025
• CVE-2025-48982This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.7.8Oct 30, 2025
• CVE-2025-48984A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.8.8Oct 30, 2025
• CVE-2025-23121A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user8.8Jun 18, 2025
• CVE-2025-23120A vulnerability allowing remote code execution (RCE) for domain users.8.8Mar 20, 2025
• CVE-2025-23114A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.9.0Feb 5, 2025
• CVE-2025-23082Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading t...7.2Jan 14, 2025
• CVE-2024-42448From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.9.9Dec 11, 2024
• CVE-2024-45207DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker p...7.0Dec 4, 2024
• CVE-2024-45206A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.6.5Dec 4, 2024
• CVE-2024-42457A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can ...6.5Dec 4, 2024