Veeam Security Vulnerabilities (CVEs)

Track 36 security vulnerabilities affecting Veeam products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

11 Critical

20 High

5 Medium

Sort by:

🔔 Get Alerts for Veeam

CVE-2025-59468 9.0

This vulnerability allows a Backup Administrator with legitimate credentials to execute arbitrary code as the postgres user by sending a malicious pas...

Jan 8, 2026

CVE-2025-59469 9.0

This vulnerability allows users with Backup Operator or Tape Operator privileges to write files with root/system-level permissions, potentially leadin...

Jan 8, 2026

CVE-2025-59470 9.0

This vulnerability allows authenticated Backup Operators to execute arbitrary code as the postgres user by sending malicious interval or order paramet...

Jan 8, 2026

CVE-2025-55125 7.8

This vulnerability allows authenticated Backup or Tape Operators to execute arbitrary code with root privileges by creating a malicious backup configu...

Jan 8, 2026

CVE-2025-48982 7.8

This vulnerability in Veeam Agent for Microsoft Windows allows local attackers to escalate privileges to SYSTEM level by tricking an administrator int...

Oct 31, 2025

CVE-2025-48983 9.9

This critical vulnerability in Veeam Backup & Replication's Mount service allows authenticated domain users to execute arbitrary code on backup infras...

Oct 31, 2025

CVE-2025-23121 8.8

This vulnerability allows authenticated domain users to execute arbitrary code on Veeam Backup Servers through improper input validation. It affects o...

Jun 19, 2025

CVE-2025-23120 8.8

This vulnerability allows remote code execution (RCE) for domain users in Veeam Backup & Replication. Attackers can execute arbitrary code with domain...

Mar 20, 2025

CVE-2025-23082 7.2

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF), allowing unauthenticated attackers to make unauthorized requests...

Jan 14, 2025

CVE-2024-42456 8.8

This vulnerability in Veeam Backup & Replication allows low-privileged users with specific roles to modify critical configuration settings, including ...

Dec 4, 2024

CVE-2024-42457 6.5

This vulnerability in Veeam Backup & Replication allows authenticated users with operator roles to expose saved credentials by exploiting a remote man...

Dec 4, 2024

CVE-2024-45206 6.5

This vulnerability in Veeam Service Provider Console allows attackers to make arbitrary HTTP requests to internal network resources, potentially expos...

Dec 4, 2024

CVE-2024-45207 7.0

This vulnerability allows DLL injection in Veeam Agent for Windows when the system's PATH variable includes insecure directories. Attackers can place ...

Dec 4, 2024

CVE-2024-40717 8.8

This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to achieve remote code execution by modifying backup jobs t...

Dec 4, 2024

CVE-2024-42451 6.5

This vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to retrieve all stored credentials in plaintext through ext...

Dec 4, 2024

CVE-2024-42452 8.8

A privilege escalation vulnerability in Veeam Backup & Replication allows authenticated low-privileged users to remotely start agents in server mode a...

Dec 4, 2024

CVE-2024-42453 8.1

CVE-2024-42453 is a privilege escalation vulnerability in Veeam Backup & Replication that allows low-privileged users to perform unauthorized actions ...

Dec 4, 2024

CVE-2024-42455 8.1

A vulnerability in Veeam Backup & Replication allows low-privileged authenticated users to exploit insecure deserialization via remoting services, ena...

Dec 4, 2024

CVE-2024-40715 7.7

This vulnerability allows attackers to bypass authentication in Veeam Backup & Replication Enterprise Manager by performing a Man-in-the-Middle attack...

Nov 7, 2024

CVE-2024-42020 5.4

A cross-site scripting (XSS) vulnerability in Veeam Reporter Widgets allows attackers to inject malicious HTML content. This affects Veeam ONE users w...

Sep 7, 2024

CVE-2024-42022 5.3

An incorrect permission assignment vulnerability in Veeam products allows attackers with local access to modify product configuration files. This coul...

Sep 7, 2024

CVE-2024-42023 8.8

This CVE describes an improper access control vulnerability in Veeam software that allows low-privileged users to remotely execute code with Administr...

Sep 7, 2024

CVE-2024-40710 8.8

This CVE describes multiple high-severity vulnerabilities in Veeam Backup & Replication that allow authenticated low-privileged users to execute remot...

Sep 7, 2024

CVE-2024-40711 9.8

CVE-2024-40711 is a critical deserialization vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary co...

Sep 7, 2024

CVE-2024-40713 7.8

This vulnerability allows low-privileged users in Veeam Backup & Replication to modify Multi-Factor Authentication settings and bypass MFA protection....

Sep 7, 2024

CVE-2024-39718 8.1

An improper input validation vulnerability in Veeam software allows low-privileged authenticated users to remotely delete files on the system with the...

Sep 7, 2024

CVE-2024-29855 9.0

CVE-2024-29855 is a critical authentication bypass vulnerability in Veeam Recovery Orchestrator caused by a hard-coded JWT secret. Attackers can forge...

Jun 11, 2024

CVE-2024-29851 7.2

This vulnerability in Veeam Backup Enterprise Manager allows authenticated high-privileged users to capture the NTLM hash of the Enterprise Manager se...

May 22, 2024

CVE-2024-29853 7.8

This CVE describes an authentication bypass vulnerability in Veeam Agent for Microsoft Windows that allows local attackers to escalate privileges. Att...

May 22, 2024

CVE-2024-29849 9.8

CVE-2024-29849 is an authentication bypass vulnerability in Veeam Backup Enterprise Manager that allows unauthenticated attackers to log into the web ...

May 22, 2024

CVE-2024-29212 9.9

This vulnerability allows remote code execution on Veeam Service Provider Console servers through unsafe deserialization in agent communication. Attac...

May 14, 2024

CVE-2024-22022 8.8

CVE-2024-22022 allows low-privileged Veeam Recovery Orchestrator users to access the NTLM hash of the service account used by the Veeam Orchestrator S...

Feb 7, 2024

CVE-2023-38547 9.8

This vulnerability in Veeam ONE allows unauthenticated attackers to obtain SQL server connection details for the configuration database. This informat...

Nov 7, 2023

CVE-2022-26500 8.8

CVE-2022-26500 is a path traversal vulnerability in Veeam Backup & Replication that allows authenticated remote attackers to access internal API funct...

Mar 17, 2022

CVE-2022-26501 9.8

CVE-2022-26501 is an incorrect access control vulnerability in Veeam Backup & Replication that allows unauthenticated attackers to execute arbitrary c...

Mar 17, 2022

CVE-2021-35971 9.8

This vulnerability in Veeam Backup and Replication allows remote attackers to execute arbitrary code via insecure .NET remoting deserialization. It af...

Jun 30, 2021

Why Monitor Veeam Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 36+ known vulnerabilities affecting Veeam products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Veeam packages in under 60 seconds. No agents required - completely agentless scanning that works across Veeam deployments.

Free vulnerability database: Access detailed information about every Veeam CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Veeam CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Veeam CVEs Free