Veeam Backup Replication vulnerabilities
42 known vulnerabilities affecting veeam/veeam_backup_replication.
Total CVEs
42
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
5
Severity breakdown
CRITICAL12HIGH22MEDIUM6LOW2
Vulnerabilities
Page 2 of 3
CVE-2024-42452P3HIGHCVSS 8.8≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-42452 [HIGH] CWE-863 CVE-2024-42452: A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotel
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, l
nvd
CVE-2024-42456P3HIGHCVSS 8.8≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-42456 [HIGH] CWE-306 CVE-2024-42456: A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and i
nvd
CVE-2024-40710P3HIGHCVSS 8.8fixed in 12.2.0.3342024-09-07
CVE-2024-40710 [HIGH] CWE-522 CVE-2024-40710: A series of related high-severity vulnerabilities, the most notable enabling remote code execution (
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
nvd
CVE-2025-59469P3CRITICALCVSS 9.0≥ 13.0.0.4967, < 13.0.1.10712026-01-08
CVE-2025-59469 [CRITICAL] CWE-200 CVE-2025-59469: This vulnerability allows a Backup or Tape Operator to write files as root.
This vulnerability allows a Backup or Tape Operator to write files as root.
nvd
CVE-2021-35971P3CRITICALCVSS 9.8≥ 10.0, < 10.0.1.4854≥ 11.0, < 11.0.0.8372021-06-30
CVE-2021-35971 [CRITICAL] CWE-502 CVE-2021-35971: Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mish
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.
nvd
CVE-2024-40715P3HIGHCVSS 7.7fixed in 12.2.0.3342024-11-07
CVE-2024-40715 [HIGH] CWE-294 CVE-2024-40715: A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows a
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.
nvd
CVE-2020-15518P3HIGHCVSS 8.8fixed in 10.02020-07-03
CVE-2020-15518 [HIGH] CWE-862 CVE-2020-15518: VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no d
VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.
nvd
CVE-2024-29850P3HIGHCVSS 8.8fixed in 12.1.2.1722024-05-22
CVE-2024-29850 [HIGH] CWE-294 CVE-2024-29850: Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
nvd
CVE-2024-39718P3HIGHCVSS 8.1≥ 12.0.0.1402, < 12.2.0.3342024-09-07
CVE-2024-39718 [HIGH] CVE-2024-39718: An improper input validation vulnerability that allows a low-privileged user to remotely remove file
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
nvd
CVE-2024-42453P3HIGHCVSS 8.1≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-42453 [HIGH] CWE-862 CVE-2024-42453: A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configu
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerabil
nvd
CVE-2024-40713P3HIGHCVSS 7.8fixed in 12.2.0.3342024-09-07
CVE-2024-40713 [HIGH] CWE-287 CVE-2024-40713: A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup &
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
nvd
CVE-2024-40714P3HIGHCVSS 8.3fixed in 12.2.0.3342024-09-07
CVE-2024-40714 [HIGH] CWE-295 CVE-2024-40714: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
nvd
CVE-2026-21668P3MEDIUMCVSS 6.5≥ 12.0.0.1402, < 12.3.2.44652026-03-12
CVE-2026-21668 [MEDIUM] CWE-862 CVE-2026-21668: A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrar
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
nvd
CVE-2024-29851P3HIGHCVSS 7.2fixed in 12.1.2.1722024-05-22
CVE-2024-29851 [HIGH] CWE-294 CVE-2024-29851: Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manage
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
nvd
CVE-2024-40712P3HIGHCVSS 7.8fixed in 12.2.0.3342024-09-07
CVE-2024-40712 [HIGH] CWE-22 CVE-2024-40712: A path traversal vulnerability allows an attacker with a low-privileged account and local access to
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
nvd
CVE-2025-24286P3MEDIUMCVSS 4.9fixed in 12.3.2.36172025-06-19
CVE-2025-24286 [MEDIUM] CWE-269 CVE-2025-24286: A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs,
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
nvd
CVE-2024-42451P3MEDIUMCVSS 6.5≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-42451 [MEDIUM] CWE-312 CVE-2024-42451: A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credenti
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, in
nvd
CVE-2024-42457P3MEDIUMCVSS 6.5≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-42457 [MEDIUM] CWE-522 CVE-2024-42457: A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose sav
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious ho
nvd
CVE-2026-21670P3MEDIUMCVSS 6.5≥ 13.0.0.496, ≤ 13.0.1.10712026-03-12
CVE-2026-21670 [MEDIUM] CWE-522 CVE-2026-21670: A vulnerability allowing a low-privileged user to extract saved SSH credentials.
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
nvd
CVE-2024-45204P4MEDIUMCVSS 4.3≥ 12.0.0.1402, < 12.3.0.3102024-12-04
CVE-2024-45204 [MEDIUM] CWE-863 CVE-2024-45204: A vulnerability exists where a low-privileged user can exploit insufficient permissions in credentia
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities.
nvd