Veeam Software has patched a critical security flaw in its Veeam Service Provider Console, a platform used by backup and disaster recovery service providers. The vulnerability, identified as CVE-2024-45206 (BDU:2024-1170), was discovered by Nikita Petrov, a Senior Penetration Testing Specialist at Positive Technologies’ PT SWARM team.
Following responsible disclosure, Veeam quickly released a security patch to address the issue.
What Is the Vulnerability?
The flaw is an SSRF (Server-Side Request Forgery) vulnerability, rated 6.5 on the CVSS 3.0 scale. It affected Veeam Service Provider Console versions 7.x through 8.0.x.
If exploited, the flaw lets an attacker make the server issue arbitrary HTTP requests on its behalf. Because those requests originate from the server, they can reach internal network resources that are not directly exposed to the attacker.
Who Is at Risk?
According to open-source data, as of January 2025, 2,587 systems worldwide remain vulnerable. The countries with the most exposed systems include:
The flaw mainly affects large enterprises, which are the primary users of Veeam Service Provider Console.
Why Is This a Serious Threat?
Nikita Petrov explained that attackers could use this vulnerability to interact with internal systems. This could reveal network infrastructure details and lead to further attacks.
In 2022, Positive Technologies also discovered security flaws in Veeam Backup & Replication and Veeam Agent for Microsoft Windows.
What Should Users Do?
To protect against exploitation, Veeam recommends updating to version 8.1.0.21377 or later. Prompt action is essential to safeguard systems.
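As an added illustration of the version guidance above (example code written for this article, not Veeam's own tooling), the following Python helper classifies Veeam Service Provider Console build strings against the advisory's ranges so an inventory can be triaged quickly; the host names and build numbers in the sample inventory are constructed, and any 8.1.0 build below 21377 is conservatively treated as needing the update.

```python
"""Triage Veeam Service Provider Console (VSPC) build strings against the
CVE-2024-45206 advisory: 7.x through 8.0.x affected, fixed in 8.1.0.21377
or later. Added example for this article, not Veeam tooling."""

from typing import Dict, Tuple

FIXED_BUILD = (8, 1, 0, 21377)  # first patched build named in the advisory
AFFECTED_MAJOR_MIN = 7           # "7.x through 8.0.x" per the advisory


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '8.0.2.1051' into an integer tuple.
    Raises ValueError on anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def vspc_status(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one VSPC build string.
    'unknown' covers releases older than 7.x (not named in the advisory) and
    unparseable strings, so they surface for manual review instead of being
    silently treated as safe. Assumption: any build from 7.0 up to, but not
    including, the fixed build still needs the update."""
    try:
        build = parse_build(version)
    except ValueError:
        return "unknown"
    # Pad to four components so '8.1' compares like '8.1.0.0'.
    build = build + (0,) * max(0, 4 - len(build))
    if build >= FIXED_BUILD:
        return "patched"
    if build[0] >= AFFECTED_MAJOR_MIN:
        return "vulnerable"
    return "unknown"


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in {hostname: version_string} to its status."""
    return {host: vspc_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory: hypothetical hosts and build numbers.
SAMPLE_INVENTORY = {
    "vspc-eu-01": "8.0.2.1051",
    "vspc-us-02": "8.1.0.21377",
    "vspc-lab": "7.0.0.14",
    "vspc-legacy": "6.0.0.7",
    "vspc-bad-record": "n/a",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {SAMPLE_INVENTORY[host]:14} {status}")
```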
Positive Technologies also suggests using advanced security tools like:
Why This Matters
Veeam Software supports over 550,000 customers worldwide, including 74% of Forbes Global 2000 companies. The United States, Germany, and France lead in usage, while the UAE ranks 32nd.
Veeam also holds the largest market share in data replication and protection. For eight consecutive years, it has been recognized in Gartner’s Magic Quadrant for Enterprise Backup and Recovery Software Solutions.
Take Action Now
Organizations using Veeam Service Provider Console should update their software immediately. Implementing additional security measures is also crucial to prevent future threats.