Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/catc0n/statuses/114191617178926285">Caitlin Condon (catc0n@infosec.exchange)'s status on Thursday, 20-Mar-2025 08:16:56 JST</a><a href="https://infosec.exchange/@catc0n" title="catc0n@infosec.exchange"><img src="https://gnusocial.jp/avatar/237167-48-20240121172844.webp" width="48" height="48" alt="Caitlin Condon" style="position: absolute; left: 0; top: 0;">Caitlin Condon</a><div><ul><li></ul></div></section><article><p>Okay, so Tomcat's a bust, but this sucker (CVE-2025-23120) could get interesting if the technical reality matches the advisory severity. </p><p>It still throws me how many incidents Rapid7 MDR sees that include abuse of Veeam Backup &amp; Replication in some manner — the deployment footprint of this product is always surprising to me, maybe because it's not usually internet-exposed, dunno. Anywho, domain-joined backup servers might be "against best practices," but that doesn't mean it's uncommon 🤷♀️ Thx to <a href="https://infosec.exchange/@fuzz">@fuzz</a> for being on top of it as usual! </p><p><a href="https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/" rel="nofollow">https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4761247#notice-9326710">In conversation</a><time datetime="2025-03-20T08:16:56+09:00" title="Thursday, 20-Mar-2025 08:16:56 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@catc0n/114191617178926285" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@catc0n/114191617178926285">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: blog.rapid7.com</div><h5><a href="https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/">Critical Veeam Backup &amp; Replication CVE-2025-23120 | Rapid7 Blog</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Caitlin Condon (catc0n@infosec.exchange)'s status on Thursday, 20-Mar-2025 08:16:56 JSTCaitlin Condon
- Ryan Emmons
Okay, so Tomcat's a bust, but this sucker (CVE-2025-23120) could get interesting if the technical reality matches the advisory severity.
It still throws me how many incidents Rapid7 MDR sees that include abuse of Veeam Backup & Replication in some manner — the deployment footprint of this product is always surprising to me, maybe because it's not usually internet-exposed, dunno. Anywho, domain-joined backup servers might be "against best practices," but that doesn't mean it's uncommon 🤷♀️ Thx to @fuzz for being on top of it as usual!
https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/
In conversationabout 2 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: blog.rapid7.com
  Critical Veeam Backup & Replication CVE-2025-23120 | Rapid7 Blog

Public

Embed Notice

HTML Code

Corresponding Notice