轉發 台灣電腦網路危機處理暨協調中心 TWCERTCC-200-202510-00000005

[內容說明]
Veeam Backup 和 Replication是Veeam核心備份軟體，近日Veeam發布重大資安漏洞公告。

【CVE-2025-48983，CVSS：9.9】 此漏洞存在Veeam Backup 和 Replication 的 Mount 服務中，允許經網域驗證的使用者，在備份基礎架構主機上執行遠端程式碼。

【CVE-2025-48984，CVSS：9.9】 此漏洞允許經網域驗證的使用者，在備份伺服器上執行遠端程式碼。

[影響平台]
Veeam Backup 和 Replication 12.3.2.3617 (含)之前版本

[建議措施]
更新 Veeam Backup 和 Replication 12.3.2.4165 (含)之後版本

[參考資料]
https://www.twcert.org.tw/tw/cp-169-10443-f096d-1.html

Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202510-00000005)

[Description]
Veeam Backup and Replication are core backup software products from Veeam. Veeam recently released a critical security vulnerability advisory.

[CVE-2025-48983, CVSS: 9.9] This vulnerability exists in the Mount service of Veeam Backup and Replication, allowing domain-authenticated users to execute remote code on the backup infrastructure host.

[CVE-2025-48984, CVSS: 9.9] This vulnerability allows domain-authenticated users to execute remote code on the backup server.

[Affected Platforms]
Veeam Backup and Replication versions earlier than 12.3.2.3617

[Recommended Action]
Update to Veeam Backup and Replication versions later than 12.3.2.4165

[References]
https://www.twcert.org.tw/tw/cp-169-10443-f096d-1.html