CVE Vulnerabilities

CVE-2025-24286

Improper Privilege Management

Published: Jun 19, 2025 | Modified: Jul 16, 2025
CVSS 3.x
4.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Veeam_backup_&_replication Veeam * 12.3.2.3617 (excluding)

Potential Mitigations

References