Veeam Releases Security Updates for Backup & Replication and Windows Agent
Security bulletin addresses critical severity vulnerabilities that could allow for remote code execution and privilege escalation
Summary
Security bulletin addresses critical severity vulnerabilities that could allow for remote code execution and privilege escalation
Affected platforms
The following platforms are known to be affected:
Threat details
Unsupported versions should be considered vulnerable
Veeam states "Unsupported product versions are not tested, but are likely affected and should be considered vulnerable".
Introduction
Veeam has released a security bulletin to address three vulnerabilities in Backup & Replication and Veeam Agent for Microsoft Windows.
- CVE-2025-48983 - Authenticated Remote Code Execution vulnerability in Veeam Backup & Replication - CVSSv3: 9.9
- CVE-2025-48984 - Authenticated Remote Code Execution vulnerability in Veeam Backup & Replication - CVSSv3: 9.9
- CVE-2025-48982 - Local Privilege Escalation vulnerability in Veeam Agent for Microsoft Windows - CVSSv3: 7.3
Remediation advice
Affected organisations are strongly encouraged to review Veeam Security Bulletin KB4771 and apply the relevant update as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 14 October 2025 2:07 pm