#VU103620 Cleartext transmission of sensitive information in Veeam products - CVE-2025-23114
Published: February 4, 2025
Vulnerability identifier: #VU103620
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-23114
CWE-ID: CWE-319
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Veeam Updater for Veeam Backup for Salesforce
Veeam Updater for Veeam Backup for Nutanix AHV
Veeam Updater for Veeam Backup for AWS
Veeam Updater for Veeam Backup for Google Cloud
Veeam Updater for Veeam Backup for Microsoft Azure
Veeam Updater for Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Software vendor:
Veeam
Description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can perform a MitM attack.
Remediation
Install updates from the vendor's website.