Security Advisory Veeam Backup for Microsoft Azure on Resolved Vulnerability (CVE-2025-23082)
Vulnerability discovered in Veeam Backup for Microsoft Azure backup appliance, which is used by Veeam Backup & Replication to protect Microsoft Azure workloads
This is a Press Release edited by StorageNewsletter.com on January 17, 2025 at 2:01 pmVeeam Software, Inc. had published a security advisory concerning a resolved vulnerability on Veeam Backup for Microsoft Azure backup appliance.
KB ID: 4709 Product: Veeam Backup for Microsoft Azure | 7 Published: 2025-01-13 Last Modified: 2025-01-13
This article documents a vulnerability discovered in the Veeam Backup for Microsoft Azure backup appliance, which is used by Veeam Backup & Replication to protect Microsoft Azure workloads.
If a Veeam Backup & Replication deployment is not protecting Microsoft Azure workloads, such a deployment is not impacted by the vulnerability discussed in this article.
You can verify if Veeam Backup & Replication manages a Veeam Backup for Microsoft Azure backup appliance by checking the Backup Infrastructure > Managed Servers list for any ‘Microsoft Azure backup appliance’ type entries.
Issue details:
CVE-2025-23082
A vulnerability that may allow an attacker to utilize Server-Side Request Forgery (SSRF) to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Affects Veeam Backup for Microsoft Azure 7.1.0.22 and all earlier versions.
Severity: High
CVSS v3.1 Score: 7.2
Source: Discovered during internal testing.
Solution
This vulnerability was fixed starting in following build of Veeam Backup for Microsoft Azure:
Subscribe to our free daily newsletter
