* Last update: 15/10/2025
* Affected software: Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3 | 12.3.1 | 12.3.2
* Type:
→ CWE-94 Improper Control of Generation of Code ('Code Injection')
→ CWE-269 Improper Privilege Management
* CVE/CVSS
→ CVE-2025-48983: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-48984: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-48982: CVSS 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Veeam: https://www.veeam.com/kb4771
These vulnerabilities can lead to a compromised backup infrastructure. Attackers can compromise backup infrastructure and deploy ransomware to extort the victim. Backup infrastructure is vital for recovery in case of data loss. These vulnerabilities have a high impact on the confidentiality, integrity and availability of data stored on backup servers.
CVE-2025-48983 is a vulnerability in the Mount service of Veeam Backup & Replication that allows remote code execution (RCE) on the backup infrastructure hosts by an authenticated domain user.
CVE-2025-48984 is a vulnerability in the Backup Server that allows for remote code execution (RCE) by an authenticated domain user.
CVE-2025-48982 is a vulnerability in Veeam Agent for Microsoft Windows that allows for privilege escalation if a system administrator is tricked into restoring a malicious file.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The Centre for Cybersecurity Belgium strongly recommends following the advisory from Veeam and updating vulnerable products to the latest version.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.