BugZero | Veeam BugID kb4709 - Veeam Backup for Microsoft Azure Vulnerability

OPERATIONAL DEFECT DATABASE

...

BugZero | Veeam BugID kb4709 - Veeam Backup for Microsoft Azure Vulnerability - C...

Veeam - Defect ID: kb4709

Veeam Backup for Microsoft Azure Vulnerability - CVE-2025-23082

Veeam - Defect ID: kb4709

Veeam Backup for Microsoft Azure Vulnerability - CVE-2025-23082

Last updated on January 29th, 2025

BugZero Risk Score
4.3 Medium

Overall: 4.3

Severity: 4.6

Community: 6.6

What is the BugZero Risk Score?

Veeam Integration

Learn more about where this data comes from

Veeam Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Unspecified
Status: Solved

Description

Issue Details

CVE-2025-23082 A vulnerability that may allow an attacker to utilize Server-Side Request Forgery (SSRF) to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Affects Veeam Backup for Microsoft Azure 7.1.0.22 and all earlier versions. Severity: HighCVSS v3.1 Score: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NSource: Discovered during internal testing.

Solution

This vulnerability was fixed starting in the following build of Veeam Backup for Microsoft Azure:

Change history

2025-01-29 Added: 7

Top Veeam Defects

9.9Defect ID: kb4445
Restore/Failover/SureBackup of Virtual Machines running Windows 8.1/Window Server 2012 R2 (or older) triggers chkdsk if Veeam Backup Server or Mount Server is Running Windows Server 2022 (or newer)
9.8Defect ID: kb4529
OneDrive backup job fails with "Download request retry timeout exceeded"
9.8Defect ID: kb1914
“Invalid Credentials” Error Adding a Hyper-V Host Using a Local Account
9.7Defect ID: kb4648
Connection to Veeam Software Appliance Fails With: "Authentication failed: invalid credentials"
9.7Defect ID: kb4548
Agent is managed by another Veeam server

Veeam Integration

Learn more about where this data comes from

Veeam Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Veeam - Defect ID: kb4709

Veeam Backup for Microsoft Azure Vulnerability - CVE-2025-23082

Veeam - Defect ID: kb4709

Veeam Backup for Microsoft Azure Vulnerability - CVE-2025-23082

Last updated on January 29th, 2025

BugZero Risk Score4.3 Medium

Bug Details

Issue Details

Solution

Links

Top Veeam Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
4.3 Medium