-
- Service Provider
- Posts: 6
- Liked: never
- Joined: Apr 16, 2019 3:48 pm
- Full Name: Mitch
- Contact:
CVE-2025-23121 kb4743 Clarification
Could anyone clarify if CVE-2025-23121 is a new problem, a typo, or did the patch in 12.3.1.1139 for CVE-2025-23120 not resolve the bug? I haven't been able to find any references to CVE-2025-23121 in the NVD or other databases. The only references seem to be on the Veeam KB4743, and it appears to be the same as CVE-2025-23120 based on the limited information available.
-
- Service Provider
- Posts: 6
- Liked: never
- Joined: Apr 16, 2019 3:48 pm
- Full Name: Mitch
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
Based on some additional research into CVE-2025-23120, I am going to assume CVE-2025-23121 is a new issue based on the research released by CODE WHITE GmbH regarding a bypass for the CVE-2025-23120 fix. This is speculation, but I suppose we will find out more when the CVE gets published.
-
- Chief Product Officer
- Posts: 32329
- Liked: 7686 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
Yes, it's a new issue with a very different type of fix compared to what we used for patching CVE-2025-23120.
-
- Expert
- Posts: 229
- Liked: 30 times
- Joined: Nov 12, 2014 9:40 am
- Full Name: John Johnson
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
Another 13 gigs to download and disseminate and install, w00t!
-
- Chief Product Officer
- Posts: 32329
- Liked: 7686 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
It's 9GB actually, unless you're upgrading from versions prior to 12.3... but yeah still a lot.
We hope to be able to offer smaller update packaging going forward, the team is working on it.
-
- Expert
- Posts: 229
- Liked: 30 times
- Joined: Nov 12, 2014 9:40 am
- Full Name: John Johnson
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
Thanks Gostev, that’s awesome news!!
-
- Influencer
- Posts: 22
- Liked: 4 times
- Joined: May 19, 2022 1:45 pm
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
From reading about this CVE, amongst other things it would appear that one of the concerns is that domain membership expands the attack surface by adding domain users to the local users group, so is one potential mitigation to remove this while other factors are considered in domain removal of various Veeam components?
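Added example (not part of the original posts and not Veeam tooling): a PowerShell audit for the condition raised in the post above, listing which domain principals a backup server's local Users group currently contains. The function name `Get-DomainPrincipalInLocalUsers` is hypothetical; it assumes Windows PowerShell 5.1 or later with the built-in `Microsoft.PowerShell.LocalAccounts` module.

```powershell
# Added example: read-only audit, run locally on the backup server.
function Get-DomainPrincipalInLocalUsers {
    [CmdletBinding()]
    param()

    # S-1-5-32-545 is the well-known SID of BUILTIN\Users (works on localized systems).
    $usersSid = 'S-1-5-32-545'
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    try {
        $members = Get-LocalGroupMember -SID $usersSid -ErrorAction Stop
    } catch {
        # Enumeration can fail when the group holds orphaned (unresolvable) SIDs.
        Write-Warning "Could not enumerate BUILTIN\Users: $($_.Exception.Message)"
        return
    }

    foreach ($m in $members) {
        $sid = $m.SID.Value
        # Domain and local accounts both use S-1-5-21-*; drop the local ones.
        $isDomainPrincipal = ($sid -like 'S-1-5-21-*') -and ($m.PrincipalSource -ne 'Local')
        # Authenticated Users (S-1-5-11) is a default member and also covers
        # domain accounts once the machine is domain-joined.
        $isAuthUsers = ($sid -eq 'S-1-5-11') -and $cs.PartOfDomain
        if (-not ($isDomainPrincipal -or $isAuthUsers)) { continue }

        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            Domain        = $cs.Domain
            Member        = $m.Name
            ObjectClass   = $m.ObjectClass
            SID           = $sid
            # RID 513 is the domain's "Domain Users" group, added at domain join.
            IsDomainUsers = $sid -like '*-513'
        }
    }
}

Get-DomainPrincipalInLocalUsers | Format-Table -AutoSize
```

An empty result on a domain-joined server means no domain principal reaches the local Users group through direct membership; nested membership in other local groups is not covered by this check.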
-
- Novice
- Posts: 4
- Liked: 1 time
- Joined: Sep 05, 2024 6:53 pm
- Contact:
Re: CVE-2025-23121 kb4743 Clarification
I believe it is a good practice not to have your backup environment authenticating to your production environment. The simplest way to do this is by using local login. When it comes to Active Directory, I personally think the production domain must be used solely for end-user services authentication. Any infrastructure server/device/service - such as virtualization or server OS - must be authenticated to another database (maybe even another Active Directory domain, provided it is agnostic to the production domain).
In our case, we created a separate AD domain to which we joined our backup server and other backup infrastructure components. It is useful because we can centrally manage logins, updates and other stuff of our backup environment while it is still segregated from our production environment.