CVE-2025-48983
Published: 31 October 2025
Summary
CVE-2025-48983 is a critical-severity Improper Access Control (CWE-284) vulnerability in Veeam Backup & Replication. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 46.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly enforces proper access controls to mitigate the improper access control (CWE-284) in Veeam Mount service that enables RCE by authenticated domain users.
Applies least privilege to restrict low-privilege authenticated domain users from achieving RCE on backup infrastructure hosts via the vulnerable Mount service.
Requires timely flaw remediation, such as patching the critical RCE vulnerability in Veeam Backup & Replication's Mount service per official mitigations.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution (RCE) in the Mount service by low-privileged authenticated domain users, directly facilitating Exploitation of Remote Services (T1210) for lateral movement and Exploitation for Privilege Escalation (T1068) due to the privilege increase and changed scope.
NVD Description
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
Deeper analysis
CVE-2025-48983 is a critical vulnerability in the Mount service of Veeam Backup & Replication that allows remote code execution (RCE) on backup infrastructure hosts. Published on 2025-10-31, it carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-284 (Improper Access Control).
The vulnerability can be exploited remotely by an authenticated domain user possessing low privileges. Attackers require network access and minimal setup, with no user interaction needed. Successful exploitation grants RCE on the affected backup hosts, enabling high-impact compromise of confidentiality, integrity, and availability across a changed scope.
Mitigation details are available in the official Veeam knowledge base article at https://www.veeam.com/kb4771.
Details
- CWE(s)