CVE-2025-24287
📋 TL;DR
This vulnerability allows local system users to modify directory contents, potentially leading to arbitrary code execution with elevated permissions. It affects systems running vulnerable versions of Veeam software where local users have access to specific directories. The risk is primarily to organizations using Veeam products in multi-user environments.
💻 Affected Systems
- Veeam Backup & Replication
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A local attacker gains full system control through arbitrary code execution with elevated permissions, potentially compromising the entire system and connected infrastructure.
Likely Case
A malicious insider or compromised local account modifies directory contents to execute malicious code, leading to data theft, privilege escalation, or lateral movement.
If Mitigated
With proper access controls and monitoring, exploitation attempts are detected and prevented, limiting impact to isolated incidents.
🎯 Exploit Status
Exploitation requires local user access and knowledge of directory manipulation techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version specified in Veeam KB4743
Vendor Advisory: https://www.veeam.com/kb4743
Restart Required: Yes
Instructions:
1. Download the patch from Veeam KB4743.
2. Apply the patch to all affected Veeam Backup & Replication servers.
3. Restart the Veeam services or the entire server as required.
🔧 Temporary Workarounds
Restrict directory permissions
Windows: Limit write access to vulnerable directories to only necessary service accounts
icacls "C:\Program Files\Veeam\Backup and Replication" /deny Users:(OI)(CI)W
Implement least privilege
All platforms: Ensure local users have minimal necessary permissions and cannot write to Veeam directories
🧯 If You Can't Patch
- Implement strict access controls to limit which local users can access Veeam directories
- Enable detailed auditing and monitoring of directory modification attempts
🔍 How to Verify
Check if Vulnerable:
Check Veeam Backup & Replication version against the patched version in KB4743
Check Version:
Open Veeam Backup & Replication console and check Help > About, or check installed programs in Windows
Verify Fix Applied:
Verify the installed version matches or exceeds the patched version from KB4743
📡 Detection & Monitoring
Log Indicators:
- Unexpected modifications to Veeam program directories
- Unauthorized write attempts to Veeam folders
- Suspicious process execution from Veeam directories
Network Indicators:
- Unusual outbound connections from Veeam servers
- Lateral movement attempts from Veeam systems
SIEM Query:
EventID=4663 AND ObjectName LIKE '%Veeam%' AND Accesses LIKE '%Write%'
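
The SIEM query above, carried into log triage as an added example (not part of the original page or of any Veeam tooling): it decodes the AccessMask field of event 4663 instead of matching the string 'Write', so deletes and subdirectory creation are caught too, and it matches the install path as a directory prefix rather than any path containing "Veeam". The events, account names and the SID allow-list are constructed assumptions; event 4663 is only logged when file-system auditing is enabled and the directory carries an audit SACL.

```python
# Added example: triage of Windows Security event 4663 records (constructed data).
# File/directory access-mask bits that modify contents or the ACL.
WRITE_BITS = {
    0x2: "WriteData/AddFile",
    0x4: "AppendData/AddSubdirectory",
    0x40: "DeleteChild",
    0x10000: "DELETE",
    0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER",
}
# Path taken from the icacls workaround; adjust to the local install (assumption).
WATCHED_PREFIX = r"c:\program files\veeam\backup and replication"
# Assumption: only LocalSystem (S-1-5-18) is expected to write here.
ALLOWED_SIDS = {"S-1-5-18"}

def write_rights(access_mask):
    """Names of the modifying rights set in a 4663 AccessMask such as '0x2'."""
    mask = int(access_mask, 16)
    return [name for bit, name in WRITE_BITS.items() if mask & bit]

def is_under(path, prefix):
    """True only for the directory itself or objects below it (case-insensitive)."""
    p = path.lower().rstrip("\\")
    return p == prefix or p.startswith(prefix + "\\")

def suspicious_writes(events):
    """Return (user, object, rights) for modifying access by non-allow-listed SIDs."""
    findings = []
    for ev in events:
        if ev["EventID"] != 4663 or not is_under(ev["ObjectName"], WATCHED_PREFIX):
            continue
        rights = write_rights(ev["AccessMask"])
        if rights and ev["SubjectUserSid"] not in ALLOWED_SIDS:
            findings.append((ev["SubjectUserName"], ev["ObjectName"], rights))
    return findings

def _ev(user, sid, obj, mask):
    return {"EventID": 4663, "SubjectUserName": user, "SubjectUserSid": sid,
            "ObjectName": obj, "AccessMask": mask}

_DIR = r"C:\Program Files\Veeam\Backup and Replication"
_SID = "S-1-5-21-1111111111-2222222222-3333333333-"  # constructed domain SID
SAMPLE_EVENTS = [  # constructed records, reduced to the fields used above
    _ev("alice", _SID + "1001", _DIR + r"\sample.dll", "0x2"),      # flagged
    _ev("HOST01$", "S-1-5-18", _DIR + r"\sample.dll", "0x2"),       # allow-listed
    _ev("alice", _SID + "1001", _DIR + r"\sample.dll", "0x1"),      # read only
    _ev("alice", _SID + "1001", r"C:\Users\alice\Veeam notes.txt", "0x2"),  # outside
    _ev("bob", _SID + "1002", _DIR + r"\sample.dll", "0x10000"),    # DELETE, flagged
]
```

Calling `suspicious_writes(SAMPLE_EVENTS)` returns the two records from alice and bob; the DELETE by bob is the case a substring match on 'Write' would miss.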