CVE-2025-48983

Published: Oct 31, 2025Modified: Dec 1, 2025

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: support@hackerone.com (Secondary)

Description

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.

Affected (1)

Products: Veeam: Veeam Backup & Replication

Veeam

1 product

Veeam Backup & Replication

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Veeam Veeam Backup & Replication	From 12.0.0.1402 to 12.3.2.4165

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.veeam.com/kb4771

Source: support@hackerone.com

Vendor Advisory

Timeline

No history available yet.