Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

The article reports on a near-critical RCE in Veeam Backup & Replication (CVE-2025-23120, 9.9) patched by Veeam, and researchers' criticism that Veeam's blocklist-based deserialization mitigation is inadequate; the flaw can be exploited by any authenticated domain user on domain-joined servers and is particularly concerning because ransomware actors routinely target Veeam deployments.