New Veeam RCE flaw lets domain users hack backup servers
​Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-23121, this security flaw was reported by security researchers at watchTowr and CodeWhite, and it only impacts domain-joined installations. As Veeam explained in a Tuesday security advisory, the vulnerability can be exploited by authenticated domain users in low-complexity attacks to gain code execution remotely on