Veeam has just released a new patch for Veeam Backup & Replication 12.3 to solve several bug and security issues described in https://www.veeam.com/kb4743. The new version will be: 12.3.2.3617

You can check the installed build number in the Veeam Backup & Replication Console’s Main Menu (≡) under Help > About.

This patch includes also other bug fixes… for more information see https://www.veeam.com/kb4696

Fixed Vulnerabilities

Veeam Backup & Replication

• CVE-2025-23121 | Severity: Critical (9.9)
  A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
  Note: This vulnerability only impacts domain-joined backup servers.
  ^{Veeam Backup & Replication Security Best Practice Guide > Workgroup or Domain?}
• CVE-2025-24286 | Severity: High (7.2)
  A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.

Veeam Agent for Microsoft Windows

• CVE-2025-24287 | Severity: Medium (6.1)
  A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.

^{Indicated severity values are CVSS 3.1 scores.}

Note that this version does not include (yet) the support to VMware vSphere 9.0 (or VMware Cloud Foundation 9.0)… It remain the same note about the previous 12.3.1.1139 version, about a generic VMware vSphere 9.0 readiness based on the pre-release builds. The official support will be confirmed with a full regression testing of the GA build when it becomes available.