CVE-2025-23114 · CRITICAL 9.0 · EPSS p43.5%


Description

A vulnerability in the Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate the TLS certificate.

Scoring

CVSS 3.0: 9.0 (CRITICAL)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.59% probability of exploitation · percentile 43.5% · 2026-06-18T12:00:27Z
Published: 2025-02-05
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-295

References

  1. https://www.veeam.com/kb4712


Type: Weakness
Target: Improper Certificate Validation (cwe-295)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: Veeam Backup & Replication Remote Code Execution Vulnerability
  2. CVE: CVE-2026-21671
  3. CVE: CVE-2025-48983
  4. CVE: Veeam Backup and Replication Deserialization Vulnerability
  5. CVE: CVE-2025-23364
  6. CVE: CVE-2026-21672

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.