Filtered by vendor Veeam
Subscriptions
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59468 | 1 Veeam | 2 Backup, Veeam | 2026-01-09 | 9 Critical |
| This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | ||||
| CVE-2025-55125 | 1 Veeam | 2 Backup, Veeam | 2026-01-09 | 7.8 High |
| This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | ||||
| CVE-2025-59470 | 1 Veeam | 2 Backup, Veeam | 2026-01-09 | 9 Critical |
| This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | ||||
| CVE-2025-59469 | 1 Veeam | 2 Backup, Veeam | 2026-01-09 | 9 Critical |
| This vulnerability allows a Backup or Tape Operator to write files as root. | ||||
| CVE-2025-48983 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2025-12-01 | 10 Critical |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. | ||||
| CVE-2025-48982 | 2 Microsoft, Veeam | 4 Windows, Agent, Veeam and 1 more | 2025-12-01 | 7.8 High |
| This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. | ||||
| CVE-2025-23082 | 1 Veeam | 1 Backup | 2025-11-18 | N/A |
| Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-48984 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2025-11-11 | 8.8 High |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | ||||
| CVE-2023-27532 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 7.5 High |
| Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | ||||
| CVE-2022-26500 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 8.8 High |
| Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | ||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-11-03 | 9.8 Critical |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2024-40711 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2025-10-30 | 9.8 Critical |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
| CVE-2024-42448 | 1 Veeam | 1 Service Provider Console | 2025-07-21 | N/A |
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | ||||
| CVE-2025-24286 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-16 | 7.2 High |
| A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | ||||
| CVE-2025-23121 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-15 | 8.8 High |
| A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | ||||
| CVE-2024-29855 | 1 Veeam | 1 Recovery Orchestrator | 2025-07-14 | N/A |
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | ||||
| CVE-2024-40715 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2025-07-11 | N/A |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | ||||
| CVE-2024-29849 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | ||||
| CVE-2024-29850 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
| CVE-2024-29851 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | ||||