CVE-2025-48984
Published: 31 October 2025
Summary
CVE-2025-48984 is a high-severity Code Injection (CWE-94) vulnerability in Veeam Backup & Replication. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 45.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the RCE vulnerability by requiring timely remediation through patching of the affected Veeam Backup Server as specified in the vendor advisory.
Counters the CWE-94 code injection by enforcing validation of all inputs to the backup server, preventing arbitrary code execution by authenticated domain users.
Enforces least privilege for domain users accessing the backup server, reducing the attack surface and potential impact of low-privilege exploitation leading to RCE.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-48984 enables remote code execution via code injection in Veeam Backup Server, requiring low privileges (authenticated domain user), directly facilitating Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068) to achieve system compromise.
NVD Description
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Deeper analysis
CVE-2025-48984 is a remote code execution (RCE) vulnerability affecting the Veeam Backup Server, classified under CWE-94 (code injection). It enables an attacker to execute arbitrary code on the server. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and requirement for low privileges, with high impacts on confidentiality, integrity, and availability.
An authenticated domain user can exploit this vulnerability remotely over the network without user interaction. Successful exploitation grants the attacker RCE on the Backup Server, potentially allowing full compromise of the system, data exfiltration, or further lateral movement within the environment.
The Veeam advisory at https://www.veeam.com/kb4771 provides details on mitigation, including available patches and workarounds for affected versions of the Backup Server. Security practitioners should consult this KB article for specific remediation steps and verify their deployments.
Details
- CWE(s)