CVE-2025-23121

EUVD-2025-18675 | HIGH
2025-06-19 [email protected]
8.8 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 00:08 (euvd) - EUVD-2025-18675
Analysis Generated: Mar 15, 2026 - 00:08 (vuln.today)
Patch Released: Mar 15, 2026 - 00:08 (nvd) - Patch available
CVE Published: Jun 19, 2025 - 00:15 (nvd) - HIGH 8.8

Description

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Analysis

Remote code execution vulnerability in Backup Server that allows authenticated domain users to execute arbitrary code, rated high severity (CVSS 8.8). Exploitation requires valid domain credentials but no user interaction, which makes it a significant risk for organizations running Backup Server in Active Directory environments, where any domain account satisfies the precondition. If it is actively exploited or a public POC becomes available, this becomes an immediate patching priority.

Technical Context

This vulnerability is classified under CWE-94 (Improper Control of Generation of Code), which points to improper input validation or an unsafe code generation/execution mechanism in the Backup Server's code path. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates the vulnerability is exploitable over the network (AV:N) with low attack complexity (AC:L) by a low-privileged authenticated user (PR:L) and without user interaction (UI:N). The scope is unchanged (S:U), meaning the rated impact is confined to the Backup Server itself, but that impact is a complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H). The underlying issue likely involves unsafe deserialization, template injection, dynamic code execution, or command injection in backup processing pipelines that fail to properly sanitize inputs controlled by authenticated domain accounts.

Affected Products

Based on the description's reference to 'Backup Server,' this likely affects Veeam Backup & Replication, Commvault CommServe, or a similar enterprise backup platform. Specific product versions, CPE strings, and vendor advisory URLs were not provided in the source data, so organizations should cross-reference their backup solution against vendor security advisories immediately. To identify affected versions, consult: (1) vendor security bulletins for CVE-2025-23121, (2) product version/build numbers shown in the backup server's administrative console, (3) vendor CPE databases (e.g., Veeam KB articles). The typical CPE format would be 'cpe:2.3:a:vendor:backup_server:version:*:*:*:*:*:*:*', with the specific version ranges requiring update taken from the vendor advisory.

Remediation

Immediate actions: (1) Locate the vendor security advisory for CVE-2025-23121 (typically published by the affected vendor within 24-48 hours of the CVE announcement). (2) Identify the patched versions from the vendor advisory and deploy them to all Backup Server instances. (3) If a patch is unavailable or delayed, implement network segmentation to restrict Backup Server access to trusted administrative networks only, and disable domain user access to backup interfaces if operationally feasible. (4) Monitor Backup Server logs for authentication by non-administrative domain accounts and for unusual backup job submissions. (5) Enable MFA for all Backup Server administrative accounts to reduce the risk of authenticated exploitation. (6) Review recent access logs for suspicious activity by domain users. Patch application should be prioritized with the same urgency as critical Windows security updates, given the high CVSS score and the low barrier to exploitation.

Priority Score

45 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.6
CVSS: +44
POC: 0


CVE-2025-23121 vulnerability details – vuln.today
