Veeam
Veeam provides backup, recovery, and security software products.
Known Exploited Veeam Vulnerabilities
The following Veeam vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Veeam Backup and Replication Deserialization Vulnerability | Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. CVE-2024-40711. Exploit Probability: 70.5% | October 17, 2024 |
| Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. CVE-2023-27532. Exploit Probability: 82.7% | August 22, 2023 |
| Veeam Backup & Replication Remote Code Execution Vulnerability | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. CVE-2022-26500. Exploit Probability: 23.9% | December 13, 2022 |
| Veeam Backup & Replication Remote Code Execution Vulnerability | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. CVE-2022-26501. Exploit Probability: 66.7% | December 13, 2022 |
The vulnerability CVE-2023-27532: Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 3 known exploited Veeam vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 4 vulnerabilities in Veeam with an average score of 8.7 out of ten. Last year, in 2025, Veeam had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Veeam in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.44.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 8.70 |
| 2025 | 7 | 8.26 |
| 2024 | 32 | 7.62 |
| 2023 | 5 | 6.26 |
| 2022 | 5 | 8.66 |
| 2021 | 1 | 9.80 |
| 2020 | 2 | 0.00 |
| 2019 | 3 | 8.80 |
It may take a day or so for new Veeam vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Veeam Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-59470 | Jan 08, 2026 | PostgreSQL RCE via Malicious Interval/Order. This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | |
| CVE-2025-59469 | Jan 08, 2026 | PrivEsc: Backup/Tape Operator Escalates to Root via File Write. This vulnerability allows a Backup or Tape Operator to write files as root. | |
| CVE-2025-59468 | Jan 08, 2026 | RCE via Malicious Password Param in PostgreSQL Backup Admin. This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | |
| CVE-2025-55125 | Jan 08, 2026 | Root RCE via Malicious Backup Config in Veritas NetBackup. This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | |
| CVE-2025-48983 | Oct 30, 2025 | Veeam Backup Mount Service RCE via Authenticated Domain User. A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. | |
| CVE-2025-48982 | Oct 30, 2025 | Local Priv Escalation in Veeam Agent for Windows via Malicious Restore. This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. | |
| CVE-2025-48984 | Oct 30, 2025 | RCE in Microsoft Windows Backup Server via Authenticated Domain User. A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | |
| CVE-2025-24286 | Jun 19, 2025 | Windows Server: Backup Operator Auth Esc for Arbitrary Code. A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. | |
| CVE-2025-23121 | Jun 19, 2025 | RCE via authenticated domain user on Microsoft Windows Server Backup. A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. | |
| CVE-2025-23120 | Mar 20, 2025 | Win RCE for Domain Users via Remote Exploit. A vulnerability allowing remote code execution (RCE) for domain users. | |
| CVE-2025-23082 | Jan 14, 2025 | Veeam Backup Azure SSRF: Unauth. Attacker Sends Unauthorized Requests. Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |
| CVE-2024-42457 | Dec 04, 2024 | Veeam Backup & Replication: Remote Management Interface Credential Exposure Vulnerability. A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | |
| CVE-2024-45204 | Dec 04, 2024 | Windows Credential Manager NTLM Hash Leak Vulnerability. A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | |
| CVE-2024-42456 | Dec 04, 2024 | Veeam Backup & Replication: Insufficient Permission Control in Configuration Update Method. A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | |
| CVE-2024-42455 | Dec 04, 2024 | Veeam Backup & Replication Insecure Deserialization Vulnerability. A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | |
| CVE-2024-42453 | Dec 04, 2024 | Veeam Backup & Replication: Improper Permission Checks in Management Services. A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. | |
| CVE-2024-42452 | Dec 04, 2024 | Veeam Backup & Replication Remote Agent Privilege Escalation Vulnerability. A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise. | |
| CVE-2024-42451 | Dec 04, 2024 | Veeam Backup & Replication Credential Exposure Vulnerability. A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. | |
| CVE-2024-40717 | Dec 04, 2024 | Veeam Backup & Replication Remote Code Execution via Job Update. A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. | |
| CVE-2024-45207 | Dec 04, 2024 | Veeam Agent for Windows DLL Injection Vulnerability. DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services. | |
| CVE-2024-45206 | Dec 04, 2024 | Veeam Service Provider Console SSRF Vulnerability. A vulnerability in Veeam Service Provider Console has been identified, which allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources. | |
| CVE-2024-40715 | Nov 07, 2024 | Veeam Backup & Replication MITM Auth Bypass. A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform a Man-in-the-Middle (MITM) attack to exploit this vulnerability. | |
| CVE-2024-42024 | Sep 07, 2024 | RCE via Veeam ONE Agent service creds. A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. | |
| CVE-2024-42022 | Sep 07, 2024 | Incorrect Permission Assignment Enables Config File Modification (IPAM). An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |
| CVE-2024-42021 | Sep 07, 2024 | Improper Access Control: Credentials Exposed via Valid Tokens. An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |
| CVE-2024-42019 | Sep 07, 2024 | Veeam Reporter Service NTLM Hash Exposure via User Interaction. A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication. | |
| CVE-2024-40714 | Sep 07, 2024 | Improper TLS Cert Validation in Restore Ops (CVE-2024-40714). An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. | |
| CVE-2024-40713 | Sep 07, 2024 | Privilege Escalation via MFA Disable in Veeam Backup & Replication. A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. | |
| CVE-2024-40712 | Sep 07, 2024 | Path Traversal LPE via Local Low-Privileged Account (CVE-2024-40712). A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | |
| CVE-2024-40710 | Sep 07, 2024 | Veeam Backup & Replication RCE via low-privileged role. A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | |
| CVE-2024-39718 | Sep 07, 2024 | IIV permits low-privileged user to delete files as service acc. An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. | |
| CVE-2024-42023 | Sep 07, 2024 | Improper Access Control: Remote Privilege Escalation (CVE-2024-42023). An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | |
| CVE-2024-40711 | Sep 07, 2024 | Unauthenticated RCE via deserialization in Unknown Component. A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | |
| CVE-2024-42020 | Sep 07, 2024 | XSS in Reporter Widgets via HTML injection. A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. | |
| CVE-2024-29855 | Jun 11, 2024 | Veeam Recovery Orchestrator JWT Secret Leak Bypass Auth. Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator. | |
| CVE-2024-29853 | May 22, 2024 | Veeam Agent Windows Auth Bypass LPE. An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | |
| CVE-2024-29849 | May 22, 2024 | Veeam Backup Enterprise Manager: Unauth Web Login (CVE-2024-29849). Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | |
| CVE-2024-29850 | May 22, 2024 | Veeam Backup Enterprise Manager NTLM Relay ATO via Unauthenticated Auth. Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | |
| CVE-2024-29851 | May 22, 2024 | Veeam Backup Enterprise Manager NTLM Hash Theft by High-Privileged Users. Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | |
| CVE-2024-29852 | May 22, 2024 | High-Privileged Log Disclosure in Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | |
| CVE-2024-29212 | May 14, 2024 | Veeam VSPC RCE via Unsafe Deserialization in Agent Communication. Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | |
| CVE-2024-22021 | Feb 07, 2024 | Veeam Recovery Orchestrator: Privilege Escalation via Scope Enumeration. Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low-privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | And others... |
| CVE-2024-22022 | Feb 07, 2024 | Veeam ROI: NTLM Hash Leak via Low-Privileged Role. Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | |
| CVE-2023-38549 | Nov 07, 2023 | Unprivileged NTLM Hash Leak via Veeam ONE Web Client. A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. | |
| CVE-2023-41723 | Nov 07, 2023 | Veeam ONE Read-Only View Dashboard Schedule Info Disclosure. A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. | |
| CVE-2023-38548 | Nov 07, 2023 | Veeam ONE Web Client NTLM Hash Leak via Unprivileged Access. A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | |
| CVE-2023-38547 | Nov 07, 2023 | Veeam ONE RCE via SQL Server Connection Info Leak. A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | |
| CVE-2023-27532 | Mar 10, 2023 | Veeam Backup & Replication CVE-2023-27532 Credential Disclosure via Config DB. Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | |
| CVE-2022-43549 | Dec 05, 2022 | Improper Auth: Veeam Backup for Google Cloud v1.0/3.0 Bypass. Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms. | |
| CVE-2022-32225 | Jul 14, 2022 | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts. | |