Veeam Backup Mount Service RCE via Authenticated Domain User
CVE-2025-48983 Published on October 30, 2025

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2025-48983 has been classified to as an Authorization vulnerability or weakness.

Affected Versions

Veeam Backup and Replication:

Version 12.3.2, <= 12.3.2 is affected.

Exploit Probability

EPSS

0.38%

Percentile

59.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Veeam Backup Mount Service RCE via Authenticated Domain UserCVE-2025-48983 Published on October 30, 2025

Weakness Type

What is an Authorization Vulnerability?

Affected Versions

Exploit Probability

Veeam Backup Mount Service RCE via Authenticated Domain User
CVE-2025-48983 Published on October 30, 2025