A critical remote code execution vulnerability in Veeam Backup & Replication high availability deployments allows authenticated Backup Administrators to compromise the system.

This vulnerability affects high availability (HA) deployments. An attacker who has already obtained Backup Administrator privileges can leverage a flaw in the HA synchronization or management component to execute arbitrary code on the server.

While this requires high-level "Backup Administrator" privileges, the impact of RCE is still critical (CVSS 9.1) because it allows an administrator to bypass audit logs, establish persistence, or move laterally into the underlying operating system. This could be used by a malicious insider or an attacker who has compromised an admin's credentials to inflict maximum damage.

Immediate Action: Update Veeam Backup & Replication to the latest version. Consult the vendor advisory for specific patches related to HA deployments.

Proactive Monitoring: Closely audit all actions taken by accounts with the Backup Administrator role, specifically looking for unusual system-level changes.

Compensating Controls: Implement strict "Four-Eyes" (dual authorization) principles for sensitive backup operations and use dedicated, isolated workstations for administrative tasks.

Public Exploit Available: No

Even though administrative privileges are required, the potential for an attacker to escalate from application-level admin to full system-level RCE makes this a critical fix. Apply the recommended updates immediately to maintain the integrity of HA backup environments.