-
- Enthusiast
- Posts: 25
- Liked: 15 times
- Joined: Feb 03, 2020 2:20 pm
- Full Name: Jeroen Leeflang
- Contact:
CVE-2025-48982: How "easy" is this to exploit?
Hello,
I am looking into CVE-2025-48982 and try to understand the way this vulnerability works.
To me it seems like this:
Someone with bad intentions had to compromise base security and gain access to a resouce protected by Veeam Agent for Windows.
The "hacker" needs to place a malicious file on this server and needs to wait until it is backedup.
Then the hacker needs to contact the backup administrator and kindly ask him/her to restore the malicious file.
From here things get unclear. Does this file magically gets executed as soon as it is processed by Veeam Agent for Windows? Does this file needs to be restored to a specific location where it can be executed with increased permissions? Does it replace an other system file? What makes this file so special that it needs Veeam to patch the Agent for Windows?
How "complex" is it to exploit this vulnerabilty? Please provide some more info for us to make our own choice regarding the importance of this vulnerability.
I am looking into CVE-2025-48982 and try to understand the way this vulnerability works.
To me it seems like this:
Someone with bad intentions had to compromise base security and gain access to a resouce protected by Veeam Agent for Windows.
The "hacker" needs to place a malicious file on this server and needs to wait until it is backedup.
Then the hacker needs to contact the backup administrator and kindly ask him/her to restore the malicious file.
From here things get unclear. Does this file magically gets executed as soon as it is processed by Veeam Agent for Windows? Does this file needs to be restored to a specific location where it can be executed with increased permissions? Does it replace an other system file? What makes this file so special that it needs Veeam to patch the Agent for Windows?
How "complex" is it to exploit this vulnerabilty? Please provide some more info for us to make our own choice regarding the importance of this vulnerability.
-
- Product Manager
- Posts: 14934
- Liked: 1825 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
Hello Jeroen,
I'd recommend to install the patched agent version once you have a next maitenece window. Regarding the exloit details please get in touch with our Application Secutiry team and they will help you to get things sorted veeam.securitycompliance@veeam.com.
Thank you!
I'd recommend to install the patched agent version once you have a next maitenece window. Regarding the exloit details please get in touch with our Application Secutiry team and they will help you to get things sorted veeam.securitycompliance@veeam.com.
Thank you!
-
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Jan 21, 2019 1:38 pm
- Full Name: Dariusz Tyka
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
Hello all,
I have another question related to this CVE-2025-48982 - why it is needed to uninstall previous version of agent (working in standalone mode) and reinstall 6.3.2.1302? Why it cannot be upgraded? Are backup jobs affected by uninstall/reinstall process?
And second question - it is mentioned that private fix will also work for standalone mode but:
I have another question related to this CVE-2025-48982 - why it is needed to uninstall previous version of agent (working in standalone mode) and reinstall 6.3.2.1302? Why it cannot be upgraded? Are backup jobs affected by uninstall/reinstall process?
And second question - it is mentioned that private fix will also work for standalone mode but:
So agent will be upgraded to version 6.3.2.1302 but the autoupdate process will prompt for update?Please note that while the private fix can be applied to standalone deployments, the application's auto-update feature will still prompt you to install the latest build when it becomes available. Therefore, it is recommended to perform a full uninstall and reinstall.
-
- Chief Product Officer
- Posts: 32719
- Liked: 7944 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
This was already answered in the adjacent topic. Yes, the standalone agent UI will prompt you to upgrade normally.
-
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Jan 21, 2019 1:38 pm
- Full Name: Dariusz Tyka
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
Thank you for prompt answer Gostev. But have anothe one - I installed this private fix on standalone agent but it still shows 6.3.2.1205 version within GUI - how I can check the fix was correctly applied?
-
- Product Manager
- Posts: 14934
- Liked: 1825 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
-
- Enthusiast
- Posts: 61
- Liked: 5 times
- Joined: Jan 21, 2019 1:38 pm
- Full Name: Dariusz Tyka
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
Thank you Dima.
-
- Enthusiast
- Posts: 30
- Liked: 7 times
- Joined: Dec 05, 2020 4:08 pm
- Full Name: A.Z. SRL
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
According to my experience, this is not happening.
Downloaded the file, standalone agent won't allow upgrade from that file, requesting removal and reinstall.
Moreover, using
Code: Select all
winget
Code: Select all
winget update Veeam.VeeamAgent
Available for test if needed.
-
- Chief Product Officer
- Posts: 32719
- Liked: 7944 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
I was referring to the message box from check for updates functionality in the standalone agent UI.
-
- Enthusiast
- Posts: 30
- Liked: 7 times
- Joined: Dec 05, 2020 4:08 pm
- Full Name: A.Z. SRL
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
So it's official than "uninstall and reinstall" or "GUI" are the only supported upgrade paths?
-
- Chief Product Officer
- Posts: 32719
- Liked: 7944 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
Yes, just as said message box explains, you must uninstall the existing agent.
-
- Enthusiast
- Posts: 30
- Liked: 7 times
- Joined: Dec 05, 2020 4:08 pm
- Full Name: A.Z. SRL
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
I think all the infrastructure will wait the next release.
-
- Chief Product Officer
- Posts: 32719
- Liked: 7944 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: CVE-2025-48982: How "easy" is this to exploit?
If you have a serious infrastructure then you should not be using standalone agents in the first place, only agents managed by VBR. Standalone agents are designed for home users as a free offering, they were never meant to be used for protecting "infrastructures".
Who is online
Users browsing this forum: No registered users and 7 guests