CVE-2025-48982

Published: Oct 31, 2025Modified: Dec 1, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

Affected (1)

Products: Veeam: Veeam Agent For Windows

Veeam

1 product

Veeam Agent For Windows

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Veeam Veeam Agent For Windows	From 6.0.0.959 to 6.3.2.1302

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://www.veeam.com/kb4771

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.