Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
AnalysisAI
Local privilege escalation in Veeam Agent for Microsoft Windows enables a low-privileged authenticated user to escalate to higher privileges on the host, with the CWE-532 mapping indicating sensitive information is exposed via log files that the attacker can read or abuse. CVSS 4.0 base score is 7.3 with high impact to confidentiality, integrity, and availability of the vulnerable component, and no public exploit identified at time of analysis. The flaw is tied to the broader Veeam Backup and Replication 13 ecosystem (≤13.0.1 per ENISA EUVD), making it relevant on any Windows endpoint where the Veeam Agent is deployed alongside or as part of that platform.
Technical ContextAI
Veeam Agent for Microsoft Windows is the endpoint backup client used by Veeam Backup and Replication to capture image-level and file-level backups of Windows workloads, running with elevated service privileges to access protected volumes, VSS, and credential material. CWE-532 (Insertion of Sensitive Information into Log File) indicates the root cause class: the agent or an associated service writes secrets - likely credentials, tokens, or process context used by the backup service - into a log file whose ACLs or location allow a local low-privileged user to read it and reuse the material to act as the higher-privileged service identity. The CPE binds the issue to cpe:2.3:a:veeam:backup_and_replication, reflecting that the agent ships as a component of Veeam Backup and Replication 13, so any Windows host running an agent from that release line is in scope.
RemediationAI
Patch available per vendor advisory at https://www.veeam.com/kb4852 - upgrade Veeam Backup and Replication 13 (and the bundled Veeam Agent for Microsoft Windows) past 13.0.1 to the fixed build referenced in KB4852, since the source data does not name an exact fixed version string to quote verbatim. As compensating controls until patching, restrict interactive and remote logon to Veeam-protected Windows hosts to administrative users only (which neutralizes the PR:L precondition), tighten ACLs on the Veeam Agent log directories so only SYSTEM and local administrators can read them, rotate any service or repository credentials that may have been exposed in pre-patch logs, and purge or secure-archive existing log files; note that aggressive log-directory ACL changes can break support diagnostics and log-collection scripts, so coordinate with backup operations before applying.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32712
GHSA-3xr7-767q-qr44