Veeam has released patches for a critical RCE vulnerability (CVE-2025-23120) in Backup & Replication versions 12-12.3, urging immediate updates. The flaw, affecting domain-joined servers, allows authenticated users to gain SYSTEM access, posing a serious risk, especially to large organizations. While no active exploits are reported, researchers warn that attackers could easily adapt existing exploits. Given ransomware groups’ focus on backups, enterprises should upgrade to version 12.3.1.1139 immediately to mitigate potential threats.

‍