Hello,
OpenSSL 3.0.8 is beeing installed in the Veeam folders on our Linux Servers (for example for repos). Will there be an update shortly to fix CVE-2025-15467?
Markus
-
mkretzer
- Veeam Legend
- Posts: 1326
- Liked: 486 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
-
Mildur
- Product Manager
- Posts: 11547
- Liked: 3239 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: OpenSSL CVE-2025-15467
Hi Markus
Our Security team is aware and is currently investigating it.
Best,
Fabian
Our Security team is aware and is currently investigating it.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
Mildur
- Product Manager
- Posts: 11547
- Liked: 3239 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: OpenSSL CVE-2025-15467
Hi Markus
Our application security team already completed the investigation two weeks ago.
Best,
Fabian
Our application security team already completed the investigation two weeks ago.
- Veeam Backup & Replication 12.x (12.0, 12.1, 12.2, and 12.3) is not impacted as it uses OpenSSL 1.0.2, which is explicitly mentioned as not being affected by this vulnerability.
- Veeam Backup & Replication 13.x (13.0.0 and 13.0.1) is not impacted as the software doesn't use CMS types for encryption.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
mkretzer
- Veeam Legend
- Posts: 1326
- Liked: 486 times
- Joined: Dec 17, 2015 7:17 am
- Contact:
Re: OpenSSL CVE-2025-15467
Hello Fabian,
perfect, thank you!
Markus
perfect, thank you!
Markus
-
holiday
- Lurker
- Posts: 1
- Liked: never
- Joined: Feb 16, 2026 5:27 pm
- Full Name: Troy Ayers
- Contact:
[MERGED] CVE-2025-15467 veeam openssl v3.0.0 FIPS
I was sent here by technical support. Case # 07991501.
We notice that windows Veeam agent 13 installs "openssl v3.0.0 FIPS" which seems to flag CVE-2025-15467 for us.
Is there patch to update this to newer version of openssl available or planned?
Or is there a time frame of when we can expect an updated veeam windows agent with a newer version of openssl?
We notice that windows Veeam agent 13 installs "openssl v3.0.0 FIPS" which seems to flag CVE-2025-15467 for us.
Is there patch to update this to newer version of openssl available or planned?
Or is there a time frame of when we can expect an updated veeam windows agent with a newer version of openssl?
-
Mildur
- Product Manager
- Posts: 11547
- Liked: 3239 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: OpenSSL CVE-2025-15467
Hi Troy
Welcome to the forum. I moved your question to the existing topic.
Our products do not use the vulnerable OpenSSL component („CMS types“) and are therefore not impacted by this OpenSSL vulnerability.
We plan to update OpenSSL as part of the next upgrade.
Best,
Fabian
Welcome to the forum. I moved your question to the existing topic.
Our products do not use the vulnerable OpenSSL component („CMS types“) and are therefore not impacted by this OpenSSL vulnerability.
We plan to update OpenSSL as part of the next upgrade.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: 6equj5, AdsBot [Google], Chris Kay, NikoWana and 102 guests