CVE-2025-48984
Published: 31 October 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-48984 is a remote code execution (RCE) vulnerability affecting the Veeam Backup Server, classified under CWE-94 (code injection). It enables an attacker to execute arbitrary code on the server. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and requirement for low privileges, with high impacts on confidentiality, integrity, and availability.
An authenticated domain user can exploit this vulnerability remotely over the network without user interaction. Successful exploitation grants the attacker RCE on the Backup Server, potentially allowing full compromise of the system, data exfiltration, or further lateral movement within the environment.
The Veeam advisory at https://www.veeam.com/kb4771 provides details on mitigation, including available patches and workarounds for affected versions of the Backup Server. Security practitioners should consult this KB article for specific remediation steps and verify their deployments.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-48984 enables remote code execution via code injection in Veeam Backup Server, requiring low privileges (authenticated domain user), directly facilitating Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068) to achieve system compromise.