CVE-2025-24287
Description
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can modify directory contents in Veeam Backup & Replication, leading to arbitrary code execution with elevated permissions.
Vulnerability
Overview CVE-2025-24287 is a vulnerability in Veeam Backup & Replication that allows local system users to modify directory contents. This flaw can be exploited to achieve arbitrary code execution on the local system with elevated permissions [1].
Exploitation
An attacker with local access to the system can manipulate directory contents, potentially by placing malicious files or altering existing ones. The vulnerability requires local user privileges but no authentication or network access beyond the local system [1].
Impact
Successful exploitation enables the attacker to execute arbitrary code with elevated permissions, compromising the integrity and confidentiality of the system. This could lead to full control over the affected host [1].
Mitigation
The vulnerability is resolved in Veeam Backup & Replication version 12.3.2 (build 12.3.2.3617). Users are advised to upgrade to this version or later. Unsupported product versions are likely affected and should be considered vulnerable [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.