Platform: windows
Component: mount-service
Fixed in: 12.3.3
CVE-2025-48983 represents a critical Remote Code Execution (RCE) vulnerability discovered in the Mount service of Veeam Backup & Replication. This flaw allows an authenticated domain user to execute arbitrary code on the Backup infrastructure hosts, potentially leading to complete system compromise. The vulnerability impacts Veeam Backup & Replication version 12.3.2, and a patch is expected to be released by Veeam.
The impact of CVE-2025-48983 is severe. Successful exploitation allows an attacker, possessing valid domain user credentials, to execute arbitrary code with the privileges of the Mount service on the Backup infrastructure host. This could enable attackers to gain persistent access, steal sensitive data (including backups), disrupt operations, or even pivot to other systems within the network. Given Veeam's role in data protection, a compromise could have devastating consequences for data recovery and business continuity. The ability to execute code on the backup infrastructure represents a significant escalation of privilege, potentially granting access to highly sensitive data and systems.
The vulnerability is currently publicly known, and while no active exploitation campaigns have been confirmed, the CRITICAL severity and RCE nature suggest a high likelihood of exploitation. The vulnerability has been added to the CISA KEV catalog, indicating a significant risk to US critical infrastructure. Public proof-of-concept (POC) code is anticipated, increasing the risk of widespread exploitation. The vulnerability's reliance on domain user authentication may limit exploitation to environments with compromised or poorly secured domain accounts.
Organizations heavily reliant on Veeam Backup & Replication for data protection are particularly at risk. This includes businesses with large backup repositories, those utilizing Veeam for disaster recovery, and those with complex Active Directory environments where domain user accounts may have excessive privileges. Shared hosting environments utilizing Veeam Backup & Replication also present a heightened risk due to potential cross-tenant vulnerabilities.
• windows / supply-chain:
Get-Process -Name 'mount'
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } | Where-Object { $_.Message -like '*Veeam Backup & Replication* Mount service*error*' }
• linux / server:
ps aux | grep 'mount'
journalctl -u veeam-mount-service
• generic web: Check the Veeam Backup & Replication server's firewall rules to ensure only authorized access to the Mount service is permitted.
disclosure
Exploit Status
EPSS
0.25% (percentile 48%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-48983 is to upgrade to a patched version of Veeam Backup & Replication as soon as it becomes available. Until the patch is applied, consider restricting access to the Mount service and implementing strict authentication controls for domain users. Monitor the Mount service logs for any suspicious activity. While a direct workaround is unlikely, segmenting the backup infrastructure network and limiting lateral movement capabilities can reduce the potential blast radius of a successful attack. After upgrading, confirm successful patching by verifying the version number and reviewing Veeam's security advisory.
Update Veeam Backup & Replication to a version later than 12.3.2 to fix the remote code execution vulnerability. See the Veeam knowledge base article (KB4771) for more details and specific update instructions.
CVE-2025-48983 is a critical Remote Code Execution vulnerability in Veeam Backup & Replication 12.3.2, allowing authenticated domain users to execute code on Backup infrastructure hosts.
If you are running Veeam Backup & Replication version 12.3.2, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of Veeam Backup & Replication. Monitor Veeam's website for the official patch release.
While no active exploitation campaigns have been confirmed, the CRITICAL severity and RCE nature suggest a high likelihood of exploitation. Monitor your systems closely.
Refer to the official Veeam Security Advisories page on the Veeam website for the latest information and patch details.