Vulnerabilites related to Veeam - Backup for Microsoft Windows
CVE-2025-24287 (GCVE-0-2025-24287)
Vulnerability from cvelistv5
Published
2025-06-18 23:30
Modified
2025-06-23 16:05
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
References
Impacted products
Vendor Product Version
Veeam Backup for Microsoft Windows Version: 6.2.0.121    6.2.0.121
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T15:43:15.373423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:05:55.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Backup for Microsoft Windows",
          "vendor": "Veeam",
          "versions": [
            {
              "lessThanOrEqual": "6.2.0.121",
              "status": "affected",
              "version": "6.2.0.121",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T23:30:47.508Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://www.veeam.com/kb4743"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2025-24287",
    "datePublished": "2025-06-18T23:30:47.508Z",
    "dateReserved": "2025-01-17T01:00:07.457Z",
    "dateUpdated": "2025-06-23T16:05:55.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}