Cleartext transmission of sensitive information in Veeam products - CVE-2025-23114
Published: February 4, 2025
Vulnerability identifier: #VU103620
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-23114
CWE-ID: CWE-319
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Veeam
Affected software:
Veeam Updater for Veeam Backup for Salesforce
Veeam Updater for Veeam Backup for Nutanix AHV
Veeam Updater for Veeam Backup for AWS
Veeam Updater for Veeam Backup for Google Cloud
Veeam Updater for Veeam Backup for Microsoft Azure
Veeam Updater for Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker who is able to intercept network traffic can perform a MitM attack.
How to mitigate CVE-2025-23114
Install updates from the vendor's website.