Ransomware operators capitalize on a fresh variant exploiting a Veeam vulnerability, posing a significant threat.
**Breaking News: Critical Vulnerability in Veeam Backup & Replication Exploited by Ransomware Groups**
A critical remote code execution (RCE) vulnerability, CVE-2024-40711, has been identified in Veeam Backup & Replication. This vulnerability, with a CVSS score of 9.8, allows an unauthenticated attacker to perform remote code execution and has been actively exploited in the wild by various ransomware groups [1].
According to Sophos X-Ops researchers, multiple ransomware groups, including affiliates of Fog, Akira, and a newly observed Frag variant, have exploited this vulnerability to launch attacks [1]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added CVE-2024-40711 to its Known Exploited Vulnerabilities (KEV) catalog, flagging its use in ransomware attacks [3].
The exploitation of this vulnerability can lead to full system compromise, enabling attackers to execute arbitrary code remotely and potentially exfiltrate or encrypt sensitive backup data [1][4].
Veeam has issued patches addressing this and related flaws in subsequent releases, and it is strongly recommended that users upgrade to the latest version to mitigate the risk [1]. It is important to note that newer, highly critical vulnerabilities (such as CVE-2025-23121, CVSS 9.9) have been discovered in Veeam Backup & Replication, reinforcing the need for continuous vigilance and patch management [2].
Organizations using Veeam Backup & Replication should treat CVE-2024-40711 as an ongoing risk for any environment that has not yet been patched, especially in light of its proven exploitation by sophisticated ransomware groups [1]. Key recommendations include immediately applying all available Veeam patches, monitoring threat intelligence for new ransomware campaigns targeting Veeam infrastructure, enforcing least-privilege access on backup servers, and including backup systems in incident response planning [1].
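As an added example (not code from the article, from Sophos, or from Veeam), the following PowerShell script gives an administrator a quick, repeatable way to act on the first and third recommendations above: it compares the build of the locally installed Veeam Backup & Replication against a minimum fixed build and reports which account the backup service runs under, so the result can be reviewed against the vendor's requirements and your own least-privilege policy. The default install path, the service name VeeamBackupSvc, and the build number 12.2.0.334 used as the default threshold are assumptions drawn from the vendor's published advisory and documentation; confirm all three against Veeam's KB for CVE-2024-40711 before acting on the output.

```powershell
# Added example, not code from the article or from Veeam.
# Checks the local Veeam Backup & Replication install against a minimum fixed build
# and reports the account the backup service runs under.
# ASSUMPTIONS (verify against Veeam's own advisory/KB before acting on the output):
#   - default install path under Program Files
#   - Windows service name 'VeeamBackupSvc'
#   - 12.2.0.334 as the first build that fixes CVE-2024-40711
param(
    [version]$MinimumFixedBuild = '12.2.0.334'
)

$servicePath = Join-Path $env:ProgramFiles 'Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe'
if (-not (Test-Path $servicePath)) {
    Write-Warning "Veeam Backup Service binary not found at $servicePath; adjust the path if Veeam was installed elsewhere."
    return
}

# The service binary's file version tracks the product build; take only the
# leading numeric part in case the version string carries a suffix.
$fileVersion = (Get-Item $servicePath).VersionInfo.FileVersion
if ($fileVersion -notmatch '^\d+(\.\d+){1,3}') {
    Write-Warning "Could not parse a version from '$fileVersion'."
    return
}
$installed = [version]$Matches[0]

# Service account and state, for review against vendor requirements and
# the organization's least-privilege policy for backup servers.
$service = Get-CimInstance Win32_Service -Filter "Name='VeeamBackupSvc'"

$result = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    InstalledBuild    = $installed
    MinimumFixedBuild = $MinimumFixedBuild
    BelowFixedBuild   = ($installed -lt $MinimumFixedBuild)
    ServiceAccount    = if ($service) { $service.StartName } else { 'service not found' }
    ServiceState      = if ($service) { $service.State } else { 'service not found' }
}
$result

if ($result.BelowFixedBuild) {
    Write-Warning "Build $installed is below $MinimumFixedBuild; patch before doing anything else."
}
```

Run it on each backup server (for example through your existing remote management tooling) and collect the objects it emits; a BelowFixedBuild value of True is the signal to schedule the upgrade immediately, and the ServiceAccount column is the starting point for the least-privilege review the recommendations call for.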
[1] Sophos X-Ops Research
[2] Veeam Software Update
[3] U.S. Cybersecurity and Infrastructure Security Agency (CISA)
[4] Heidi Monroe Kroft, senior director of corporate communications and global public relations at Veeam
- The critical vulnerability, CVE-2024-40711, discovered in Veeam Backup & Replication, has a CVSS score of 9.8 and allows for remote code execution, making it a prime target for ransomware groups like Fog, Akira, and a new Frag variant.
- The exploitation of this vulnerability can result in full system compromise, enabling attackers to execute arbitrary code remotely and potentially exfiltrate or encrypt sensitive backup data.
- Veeam has released patches to address this and related flaws, and it is strongly advised that users upgrade to the latest version to mitigate this risk.
- With the discovery of new, highly critical vulnerabilities such as CVE-2025-23121, organizations using Veeam Backup & Replication should continuously monitor for new threats and ensure robust patch management practices, especially in the face of ongoing exploitation by sophisticated ransomware groups.