OpenSSL CVE-2025-15467

Feb 06, 2026 8:18 am

Hello,

OpenSSL 3.0.8 is beeing installed in the Veeam folders on our Linux Servers (for example for repos). Will there be an update shortly to fix CVE-2025-15467?

Markus

Post by **Mildur** » Feb 06, 2026 8:39 am this post

Hi Markus

Our Security team is aware and is currently investigating it.

Best,
Fabian

Feb 11, 2026 2:23 pm

Hi Markus

Our application security team already completed the investigation two weeks ago.

Veeam Backup & Replication 12.x (12.0, 12.1, 12.2, and 12.3) is not impacted as it uses OpenSSL 1.0.2, which is explicitly mentioned as not being affected by this vulnerability.
Veeam Backup & Replication 13.x (13.0.0 and 13.0.1) is not impacted as the software doesn't use CMS types for encryption.

We plan to update the OpenSSL build in Veeam Backup & Replication 13.1 as part of our regular third‑party component updates.

Best,
Fabian

Post by **mkretzer** » Feb 11, 2026 6:09 pm this post

Hello Fabian,

perfect, thank you!

Markus

holiday · Post by **holiday** » Feb 16, 2026 6:01 pm this post

I was sent here by technical support. Case # 07991501.

We notice that windows Veeam agent 13 installs "openssl v3.0.0 FIPS" which seems to flag CVE-2025-15467 for us.

Is there patch to update this to newer version of openssl available or planned?

Or is there a time frame of when we can expect an updated veeam windows agent with a newer version of openssl?

Post by **Mildur** » Feb 16, 2026 6:16 pm this post

Hi Troy

Welcome to the forum. I moved your question to the existing topic.

Our products do not use the vulnerable OpenSSL component („CMS types“) and are therefore not impacted by this OpenSSL vulnerability.
We plan to update OpenSSL as part of the next upgrade.

Best,
Fabian

R&D Forums

OpenSSL CVE-2025-15467

Re: OpenSSL CVE-2025-15467

Re: OpenSSL CVE-2025-15467

Re: OpenSSL CVE-2025-15467

[MERGED] CVE-2025-15467 veeam openssl v3.0.0 FIPS

Re: OpenSSL CVE-2025-15467

Who is online