CVE-2023-27532 – Veeam Backup & Replication Security Update
“These vulnerabilities allowed credential theft and full remote code execution, making backup servers a prime ransomware target.”
Veeam addressed two serious vulnerabilities in Veeam Backup & Replication that directly impacted enterprise backup infrastructure.
CVE-2023-27532 is a high-severity vulnerability (CVSS 7.5, AV:N/AC:L/PR:N/UI:N) that allowed an unauthenticated attacker with network access to the Veeam Backup Service (TCP 9401) to retrieve the encrypted credentials stored in the configuration database. Attackers used it in real-world ransomware intrusions to recover stored credentials, move laterally, and compromise backup environments. Public proof-of-concept code appeared within weeks of the fix, and exploitation against servers that had not applied it continued long afterwards, so exposure of port 9401 on an unpatched server should be treated as a likely compromise rather than a theoretical risk.
CVE-2024-40711 is a critical remote code execution vulnerability (CVSS 9.8) that requires no authentication and is rooted in unsafe deserialization of untrusted data. It allowed attackers to execute arbitrary code on vulnerable Veeam servers and was confirmed as actively exploited in ransomware operations, giving full system takeover and a foothold for deploying payloads. Because backup servers hold administrative credentials for the rest of the estate and control the recovery process, compromising one both enables the wider attack and cripples the organization's ability to restore.
The two fixes shipped at different times. CVE-2023-27532 was fixed in March 2023 as cumulative patches for Veeam Backup & Replication 11a (build 11.0.1.1261 P20230227) and 12 (build 12.0.0.1420 P20230223), and every later release includes the fix. CVE-2024-40711 was fixed in version 12.2.0.334; all earlier 12.x builds are affected, and 11.x was already out of support when it was disclosed.
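A version check sounds trivial, but for these two CVEs it is not, because the CVE-2023-27532 fix was a cumulative patch that leaves the base build number unchanged: a server reporting 12.0.0.1420 may or may not be patched, and only the P-tag shown in the console tells you which. The script below is an added example written for this page, not Veeam tooling; it triages a constructed inventory of build strings against both CVEs, flags the ambiguous base builds for manual verification, and treats the fix thresholds quoted above as values to re-confirm against Veeam's advisories before relying on them.

```python
"""Triage Veeam Backup & Replication build strings against CVE-2023-27532 and
CVE-2024-40711.

Added example for this page, not Veeam's code. The inventory at the bottom is
constructed. Fix thresholds: 12.2.0.334 for CVE-2024-40711 (stated above);
11.0.1.1261 P20230227 and 12.0.0.1420 P20230223 for CVE-2023-27532, quoted
from Veeam's advisory and to be re-checked there before use.
"""

# CVE-2024-40711: fixed in 12.2.0.334. Every earlier build is treated as
# affected, which is the conservative reading of the advisory.
FIX_40711 = (12, 2, 0, 334)

# CVE-2023-27532: fixed by cumulative patches on top of 11a and 12 GA. Applying
# the patch does not change the base build, only the date-based P-tag Veeam
# appends in the console, so a bare base build cannot be classified alone.
PATCHED_BASE_27532 = {
    (11, 0, 1, 1261): "P20230227",  # 11a
    (12, 0, 0, 1420): "P20230223",  # 12
}
# Assumption: 12.1 and later ship with the CVE-2023-27532 fix built in.
FIRST_CLEAN_27532 = (12, 1, 0, 0)


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.REV [Pyyyymmdd]' into ((ints), patch_or_None)."""
    parts = text.strip().split()
    if not parts:
        raise ValueError("empty version string")
    numbers = tuple(int(p) for p in parts[0].split("."))
    if len(numbers) != 4:
        raise ValueError(f"expected a four-part build, got {text!r}")
    patch = parts[1].upper() if len(parts) > 1 else None
    if patch is not None and not (patch.startswith("P") and patch[1:].isdigit()):
        raise ValueError(f"unexpected patch tag in {text!r}")
    return numbers, patch


def triage(version):
    """Return the list of findings for one installed version string."""
    build, patch = parse_version(version)
    findings = []

    if build < FIX_40711:
        findings.append("CVE-2024-40711: vulnerable, below 12.2.0.334")

    if build >= FIRST_CLEAN_27532:
        pass  # fix is built into this release line
    elif build in PATCHED_BASE_27532:
        required = PATCHED_BASE_27532[build]
        if patch is None:
            findings.append(
                f"CVE-2023-27532: verify patch level, base build needs {required} or later"
            )
        elif patch < required:  # date-based tags compare correctly as strings
            findings.append(f"CVE-2023-27532: vulnerable, {patch} predates {required}")
    else:
        findings.append("CVE-2023-27532: vulnerable, no patched build in this line")
    return findings


def triage_inventory(inventory):
    """Map host -> findings, keeping only hosts that have at least one."""
    report = {}
    for host, version in inventory.items():
        findings = triage(version)
        if findings:
            report[host] = findings
    return report


# Constructed inventory for demonstration; host names are placeholders.
SAMPLE_INVENTORY = {
    "bkp-01": "12.2.0.334",             # clean
    "bkp-02": "12.1.2.172",             # 40711 only
    "bkp-03": "12.0.0.1420 P20230223",  # 40711 only, 27532 patched
    "bkp-04": "12.0.0.1420",            # 40711, 27532 needs verification
    "bkp-05": "11.0.0.837",             # both
}

if __name__ == "__main__":
    for host, findings in triage_inventory(SAMPLE_INVENTORY).items():
        print(host)
        for f in findings:
            print("  " + f)
```

On a real estate the version strings come from the backup console or from the registry entry Veeam writes on install, and the "verify patch level" hosts are the ones to walk to first: they are exactly the servers an inventory tool will wrongly report as fixed.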
Key Details (CVE-2023-27532)
- Affected Product: Veeam Backup & Replication
- CVSS Base Score: 7.5 (High)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-306 (Missing Authentication for Critical Function)