CVE-2025-48984
Published: 2025-10-31
CVE-2025-48984: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Priority: P261 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.98% (57.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_replication | 12.3.2 – 12.3.2 | — |
| veeam | veeam_backup_replication | >= 12.0.0.1402 < 12.3.2.4165 | 12.3.2.4165 |
Detection & IOCs (extracted from sources)
- Monitor for unexpected crashes or unusual outgoing traffic from the Veeam Backup & Replication server, which may indicate exploitation of CVE-2025-48984.
- Monitor server logs for unauthorized commands and scan for requests to known malicious domains targeting the Veeam Backup & Replication service.
- Configure SIEM platforms with custom detection rules to identify malicious API activity or unusual commands targeting backup services.
- Use host-based detection systems (HIDS) to monitor for unauthorized files appearing on the Veeam Backup & Replication server.
- Note: The Huntress source contradicts the NVD advisory: Huntress describes the vulnerability as exploitable by unauthenticated attackers, while NVD states it requires an authenticated domain user. Detections and mitigations should account for both scenarios until clarified by the vendor.
- Note: NVD describes CVE-2025-48984 as requiring an authenticated domain user for exploitation, which limits the attack surface compared to the unauthenticated claim in the Huntress source.
- Note: The Huntress source lists affected versions as Veeam Backup & Replication 12.0.0.1420 and earlier, and 11.0.1.1261 and earlier, with Patch KB4771 as the fix. Verify these version numbers against the official Veeam advisory before using for detection scoping.
No detection rules found.
No public exploits indexed.
Checkpoint
Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure
blogs_checkpoint·2025-11-02·CVSS 7.8
CVE-2025-30388 [HIGH] Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure
## Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure
## Background
GDI
These are the vulnerabilities:
CVE-2025-30388, rated important an
Huntress
CVE-2025-48984 Vulnerability: Analysis, Impact, Mitigation | Huntress
blogs_huntress·CVSS 8.8
CVE-2025-48984 [HIGH] CVE-2025-48984 Vulnerability: Analysis, Impact, Mitigation | Huntress
## CVE-2025-48984 Vulnerability
Published: 11/21/2025
Written by: Lizzie Danielson
## What is CVE-2025-48984 vulnerability?
CVE-2025-48984 is a critical remote code execution (RCE) vulnerability impacting Veeam Backup & Replication software. This vulnerability allows unauthorized attackers to execute arbitrary code on a compromised server due to improper input validation. Designated under the Common Vulnerabilities and Exposures system, CVE-2025-48984 has been identified as an advanced exploitation pathway that poses a high risk to systems handling sensitive organizational data.
## When was it discovered?
The vulnerability was disclosed on October 16, 2025, by security researchers analyzing misconfigurations in widely used backup server infrastructures. The discovery credits go to Se
Published: 2025-10-31