Here is a rewritten version of the content:
Veeam has released a security update to fix a critical vulnerability in its Backup & Replication software, which could be exploited for remote code execution.
The vulnerability, identified as CVE-2025-23120, has a CVSS score of 9.9 out of 10.0 and affects all versions prior to 12.3.0.310.
According to Veeam’s advisory, the vulnerability allows remote code execution by authenticated domain users.
Piotr Bazydlo, a security researcher at watchTowr, discovered and reported the flaw, which has been resolved in version 12.3.1 (build 12.3.1.1139).
Researchers Bazydlo and Sina Kheirkhah explained that the vulnerability stems from Veeam’s inconsistent handling of deserialization mechanisms, allowing an attacker to bypass security measures and achieve remote code execution.
This means that an attacker could exploit a deserialization gadget not included in the blocklist, specifically Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary, to execute malicious code.
Researchers noted that any user belonging to the local users group on the Windows host of the Veeam server can exploit the vulnerability, and even domain users can exploit it if the server is joined to the domain.
Veeam’s patch adds the two gadgets to the existing blocklist, but the solution may still be vulnerable to similar risks if other deserialization gadgets are discovered.
Meanwhile, IBM has released fixes for two critical bugs in its AIX operating system that could allow command execution.
The vulnerabilities, which affect AIX versions 7.2 and 7.3, are:
- CVE-2024-56346 (CVSS score: 10.0): An improper access control vulnerability that could allow a remote attacker to execute arbitrary commands via the AIX nimesis NIM master service.
- CVE-2024-56347 (CVSS score: 9.6): An improper access control vulnerability that could allow a remote attacker to execute arbitrary commands via the AIX nimsh service SSL/TLS protection mechanism.
Although there is no evidence of these vulnerabilities being exploited in the wild, users are advised to apply the necessary patches to secure against potential threats.
