Cyber Resilience

CVE-2023-27532

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 10 March 2023
Modified: 03 November 2025
KEV Added: 22 August 2023
Patch: see Veeam KB4424
CVSS Score: 7.5 (v3.1), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.8381 (99.3rd percentile)
Risk Priority: 85 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-27532 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Veeam Backup & Replication. Its CVSS 3.1 base score is 7.5 (High).

Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood (EPSS 0.8381, 99.3rd percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-28 (Protection of Information at Rest).

Deeper analysis

Veeam Backup & Replication contains a flaw that lets the encrypted credentials stored in its configuration database be retrieved. The affected component is the Veeam Backup Service (Veeam.Backup.Service.exe, which listens on TCP 9401 by default according to Veeam KB4424). The CVSS 3.1 base score of 7.5 reflects a network attack vector, low attack complexity, no required privileges or user interaction, and a high impact to confidentiality only. Successful exploitation exposes the credentials that protect the backup infrastructure hosts.

An unauthenticated attacker with network access to that service can obtain the credentials and then use them to reach backup servers and the hosts they manage. Because a backup server typically holds credentials for domain accounts, hypervisors and storage, this is a direct path to wider compromise and to tampering with backups ahead of a ransomware deployment, which is why the CVE carries the ransomware-linked tag above. The weakness is classified as CWE-306 (Missing Authentication for Critical Function): the service interface that returns stored secrets does not authenticate its caller.

Veeam fixed the issue in knowledge-base article KB4424, which ships the fix in builds 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227 and notes that, on an all-in-one deployment with no remote backup infrastructure components, blocking inbound TCP 9401 at the backup server firewall is an acceptable temporary workaround until the patch is installed. CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming exploitation in the wild. The EPSS score peaked at 0.8486 and currently stands at 0.8381 (99.3rd percentile), indicating sustained attacker interest after public disclosure.


Vulnerability details

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

CWE(s): CWE-306 (Missing Authentication for Critical Function)
KEV Date Added: 22 August 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Veeam
Product: Veeam Backup & Replication
Versions: 12.0.0.1420 and 11.0.1.1261 (and every build ≤ 11.0.1.1261)
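As an added example (not code from this page or from Veeam), the following Python triages a server inventory against the affected ranges above. The fixed builds it relies on, 12.0.0.1420 P20230223 and 11.0.1.1261 P20230227, are taken from Veeam KB4424, not from this page; the host names and versions in SAMPLE_INVENTORY are constructed, and a build inside the affected range that is not explicitly listed is treated as vulnerable on purpose.

```python
"""Triage an inventory of Veeam Backup & Replication servers against CVE-2023-27532.

Affected builds, as listed on this page: 12.0.0.1420 and every build at or
below 11.0.1.1261. Fixed builds, as stated in Veeam KB4424 (an assumption
taken from the vendor KB, not from this page): 12.0.0.1420 P20230223 and
11.0.1.1261 P20230227. A later patch tag on the same base build (for example
12.0.0.1420 P20230412) also carries the fix.
"""
from __future__ import annotations

import re
from typing import Optional

# Base build -> earliest cumulative-patch tag that carries the fix (KB4424).
FIXED_PATCHES = {
    (12, 0, 0, 1420): "P20230223",
    (11, 0, 1, 1261): "P20230227",
}
LATEST_AFFECTED_BUILD = (12, 0, 0, 1420)

# Veeam reports builds as "major.minor.patch.build", optionally followed by a
# cumulative-patch tag of the form PYYYYMMDD.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+(P\d{8}))?\s*$")


def parse_version(text: str) -> tuple[tuple[int, int, int, int], Optional[str]]:
    """Split '12.0.0.1420 P20230223' into ((12, 0, 0, 1420), 'P20230223')."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Veeam version string: {text!r}")
    build = tuple(int(part) for part in m.group(1, 2, 3, 4))
    return build, m.group(5)


def classify(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not_affected' for one version string."""
    build, patch = parse_version(text)
    if build > LATEST_AFFECTED_BUILD:
        return "not_affected"  # 12.1 and later ship with the fix already in
    first_fixed = FIXED_PATCHES.get(build)
    if first_fixed is not None:
        # Patch tags are PYYYYMMDD, so plain string order is date order.
        return "fixed" if patch is not None and patch >= first_fixed else "vulnerable"
    # Every other build at or below 12.0.0.1420 (11a and older) has no fix;
    # an unlisted build in that range is deliberately treated as vulnerable.
    return "vulnerable"


def triage(inventory: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the (host, version) pairs that still need the KB4424 patch."""
    return [(host, ver) for host, ver in inventory if classify(ver) == "vulnerable"]


# Constructed sample inventory: hypothetical host names, real-format versions.
SAMPLE_INVENTORY = [
    ("vbr-prod-01", "12.0.0.1420 P20230223"),
    ("vbr-prod-02", "12.0.0.1420"),
    ("vbr-dr-01", "11.0.1.1261 P20230227"),
    ("vbr-lab-01", "11.0.0.837"),
    ("vbr-new-01", "12.1.0.2131"),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:12} {ver:24} {classify(ver)}")
    print("needs patch:", triage(SAMPLE_INVENTORY))
```

The three-way result matters in practice: a bare "12.0.0.1420" with no patch tag is the vulnerable GA build, while the same base build with a P-tag at or after the KB4424 date is fixed, so an inventory that records only the four-part build number cannot distinguish the two and should be re-collected with the patch tag before anyone signs off on remediation.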

Mitigating Controls (NIST 800-53 r5)

prevent · AC-3 (Access Enforcement): Enforces authentication and access control on the Veeam Backup Service interface so that unauthenticated, network-reachable retrieval of stored credentials is blocked. This is the control that addresses CWE-306 directly; the vendor patch in KB4424 is its implementation, and restricting reachability of the service port is the compensating form of it while the patch is pending.

prevent · SC-28 (Protection of Information at Rest): Requires cryptographic protection of credentials at rest in the configuration database. The caveat for this CVE is that the credentials are already stored encrypted; the flaw is that the service returns them to an unauthenticated caller, so encryption at rest on its own does not remove the exposure and should not be counted as closing the finding.

prevent · least privilege: Limits privileges on the backup server and its database so that even authenticated users or processes cannot obtain the full set of stored infrastructure credentials. This also limits what an attacker can do with any credentials that are recovered, which is why backup-service accounts should not be domain-wide administrators.
