FISA

Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution By : Rei Ibraima A newly discovered critical vulnerability in Veeam’s Backup & Replication software, designated as CVE-2025-23120, poses a significant security risk to enterprise environments. The flaw allows authenticated domain users to execute arbitrary code remotely, potentially leading to full compromise of backup infrastructures. About CVE-2025-23120 The vulnerability arises from an insecure deserialization issue within Veeam Backup & Replication components—particularly in the .NET classes Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary. Improper input validation in these components allows attackers to inject malicious serialized objects that are executed on the server side, resulting in Remote Code Execution (RCE). This issue affects systems where Veeam Backup & Replication is deployed in a domain-joined configuration, which—while common—is...

 One of the most challenging aspects of cloud-hosted applications and data is achieving your desired outcome without being shocked by your bill  at the end of the month. Balancing the needs of your business and your proverbial checkbook is not an easy thing. In fact, an entire practice called FinOps – a portmanteau of finance and DevOps – was born just to address this, bringing together business and technical teams to collaborate on efficient and optimized spending, particularly in the cloud. One area where this is of particular importance is cloud backup. We’re dealing with copies of large data sets that are often stored for lengthy periods of time, and all of these consume pay-for-what-you-use compute, storage and networking resources. So, what are some best practices when it comes to cloud backup to meet required service level agreements (SLAs) like RTOs, RPOs and retention without breaking the bank? Right-Sizing All cloud providers offer a wide selection of instance/virtua...