Ethan Grammer
Guillermo Sánchez / June 28, 2025 / 2 minutes of readingAdvisories, Vulnerabilities & Alerts
Critical RCE Flaw Discovered in Veeam Backup & Replication (CVE 202523121)
Description:
Veeam has released patches addressing a critical remote code execution (RCE) vulnerability in Backup & Replication version 12.x. Tracked as CVE202523121, the issue was reported by researchers at watchTowr Labs and CODE WHITE. The flaw affects all 12.x builds up to version 12.3.1.1139. It allows authenticated domain users to execute code on the backup server with SYSTEM privileges, making it a high-risk vulnerability.
Veeam backup servers are prime targets for ransomware groups. Similar flaws (like CVE202523120) have been exploited in active attacks. Rapid7’s incident data shows over 20% of IR cases in 2024 involved Veeam systems being compromised. Backup servers are often domain-joined despite vendor guidance, widening the vulnerability’s impact.
Recommended Actions:
- Check Veeam version and apply patch or hotfix without delay.
- Avoid domain-joined backup servers; segment them from other internal systems.
- Watch for suspicious login attempts, especially from low-privilege users to backup servers.
The Veeam Security Advisory is available at: https://www.veeam.com/kb4743
External Links:
Microsoft June 2025 Windows Server Update Disrupts DHCP Servicer
Description:
Microsoft has confirmed that the June 10, 2025 security updates for Windows Server (2016, 2019, 2022, and 2025) include a bug that causes the DHCP Server service to freeze or stop responding intermittently.
Affected servers are failing to assign or renew IP addresses, disrupting network connectivity. Administrators report that services fail within seconds of patch installation, creating operational outages. Microsoft has acknowledged the issue in its Patch Tuesday advisories and stated that a fix is being developed and will be released in the coming days.
Recommended Actions:
As a temporary workaround, admins can:
- Reboot Windows Server to restore DHCP service.
- Uninstall the June update to regain normal operations, though this reintroduces security risk.
External Links:
Exploit Details Released for Critical Cisco XE Vulnerability (CVE-2025-20188)
Description:
Researchers have published technical details of a critical vulnerability in Cisco IOS XE Wireless LAN Controllers (WLC), identified as CVE-2025-20188. This flaw, disclosed by Cisco on May 7, 2025, allows unauthenticated remote attackers to upload arbitrary files, perform path traversal, and execute commands with root privileges. The vulnerability stems from a hard-coded JSON Web Token (JWT) used in the ‘Out-of-Band AP Image Download’ feature.
Affected devices include:
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst Access Points
Recommended Actions:
Organizations using these devices should verify if the ‘Out-of-Band AP Image Download’ feature is enabled and apply the necessary patches provided by Cisco to mitigate this vulnerability.
The Cisco Security Advisory is available at: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
External Links: