A Vulnerability in Veeam Backup & Replication Could Allow for Arbitrary Code Execution

A vulnerability (CVE-2025-23120) was identified in Veeam Backup & Replication that can enable remote code execution by authenticated domain users on domain-joined backup servers; Veeam warns domain-joined backups are against best practices but acknowledges the configuration may still be common, and successful exploitation could compromise backup data and images.