CVE-2025-23114

CVE-2025-23114 KB ID: 4712 Product: Veeam Backup for Salesforce for Nutanix AHV for AWS for Microsoft Azure for Google Cloud for Oracle Linux Virtualization Manager and Red Hat Virtualization Published: 2025-02-04 Last Modified: 2025-02-04 Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program (VDP) for all Veeam products and perform extensive internal code audits. When a vulnerability is identified, our team promptly develops a patch to address and mitigate the risk. In line with our dedication to transparency, we publicly disclose the vulnerability and provide detailed mitigation information. This approach ensures that all potentially affected customers can quickly implement the necessary measures to safeguard their systems. It’s important to note that once a vulnerability and its associated patch are disclosed, attackers will likely attempt to reverse-engineer the patch to exploit unpatched deployments of Veeam software. This reality underscores the critical importance of ensuring that all customers use the latest versions of our software and install all updates and patches without delay. The vulnerability discussed in this article affects the Veeam Updater component within the backup appliances used by the listed applications. The updated version of this Veeam Updater component will have been published to the Veeam Repository alongside the release of this announcement. As automatic updates are enabled for all backup appliances associated with this issue, all actively supported backup appliance versions will automatically download and install this updated version of the Veeam Updater component. Furthermore, for all applications other than Veeam Backup for Salesforce, the latest version of each appliance discussed in this article is unaffected by this vulnerability. This means that customers whose Veeam Backup & Replication deployments utilize these backup appli