A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise.

Related CVEs

CVE-2024-42452

Key Information

GHSA ID

GHSA-9g52-r87c-973q

Published

December 4, 2024 3:31 AM

Last Modified

December 4, 2024 3:31 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 11, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.