Hi Everyone,
Several Windows Server machines in our environment have Veeam Agent for Windows installed and connected to the Veeam Backup Server.
All backup jobs are running normally.
However, our company’s internal vulnerability scanner recently detected a potentially insecure file located in the Veeam Agent installation path on multiple servers:
System.Text.Json.dll (current version: 6.0.222.6406).
The scanner recommends updating it to 6.0.10 or 8.0.5.
The related CVE is CVE-2024-43485.
Here’s our current environment:
Veeam Server version: 12.3.2
Veeam Agent version: 6.3.2.1205
Detected path: C:\Program Files\Veeam\Endpoint Backup\net462
May I ask how this file should be handled?
Do we need to manually patch or update it, and if so, what is the correct method?
I’ve also opened a support case (#07839563) for further investigation.
Any advice or guidance from the community or Veeam team would be greatly appreciated.
Thanks in advance for your help!
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Oct 11, 2025 1:38 am
- Full Name: Wade.Ling
- Contact:
-
- Product Manager
- Posts: 10945
- Liked: 3000 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Vulnerable File Detected on Windows Server with Veeam Agent
Hi Wade,
Our R&D team is aware of this CVE affecting a third-party component we use with Veeam Agent.
According to our internal notes, manual patching is not possible, as this DLL file has version dependencies on other DLLs that must be updated together.
A fix is planned for the next update of Veeam Agent. I will contact our security team for further information and provide you with an update as soon as I have it.
Best regards,
Fabian
Our R&D team is aware of this CVE affecting a third-party component we use with Veeam Agent.
According to our internal notes, manual patching is not possible, as this DLL file has version dependencies on other DLLs that must be updated together.
A fix is planned for the next update of Veeam Agent. I will contact our security team for further information and provide you with an update as soon as I have it.
Best regards,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: No registered users and 6 guests