CVE-2023-27532

HIGH KEV RANSOMWARE

Veeam Backup & Replication < 11.0.1.1261 - Unauthenticated Credential Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-27532 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 22, 2023, with confirmed use in ransomware campaigns. EIP tracks 4 public exploits from researchers including sfewer-r7, horizon3ai, yunus-a1i.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-27532, targeting Veeam Backup & Replication. The exploit leverages a deserialization vulnerability to either leak plaintext credentials or execute remote commands via SQL injection.

Description

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Exploits (4)

nomisec WORKING POC 115 stars
by sfewer-r7 · remote
https://github.com/sfewer-r7/CVE-2023-27532

This repository contains a functional exploit for CVE-2023-27532, targeting Veeam Backup & Replication. The exploit leverages a deserialization vulnerability to either leak plaintext credentials or execute remote commands via SQL injection.

Classification
Working Poc 100%
Attack Type
Rce | Info Leak | Deserialization | Sqli
Complexity
Moderate
Reliability
Reliable
Target: Veeam Backup & Replication
No auth needed
Prerequisites: Network access to the Veeam Backup & Replication service on port 9401
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 71 stars
by horizon3ai · infoleak
https://github.com/horizon3ai/CVE-2023-27532

This repository contains a functional exploit for CVE-2023-27532, targeting Veeam Backup & Replication. The exploit leverages insecure deserialization to extract credentials from the Veeam server by interacting with the RemoteInvokeService.

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Veeam Backup & Replication
No auth needed
Prerequisites: Network access to the Veeam Backup & Replication server · Veeam Backup & Replication service running and accessible
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER
by yunus-a1i · poc
https://github.com/yunus-a1i/veeam-cve-2023-27532-mock

This repository provides a mock server and a Nuclei template for detecting CVE-2023-27532, a vulnerability in Veeam Backup & Replication that allows extraction of encrypted credentials. The mock server simulates vulnerable endpoints, while the Nuclei template includes HTTP and network-based detection methods.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Veeam Backup & Replication (version 11.0.0.837 and likely others)
No auth needed
Prerequisites: Network access to Veeam Backup & Replication server
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by puckiestyle · remote
https://github.com/puckiestyle/CVE-2023-27532-RCE-Only

This repository contains a functional exploit for CVE-2023-27532, targeting Veeam Backup & Replication. The exploit leverages a WCF endpoint to execute arbitrary SQL commands, enabling remote code execution via `xp_cmdshell`.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Veeam Backup & Replication (versions affected by CVE-2023-27532)
No auth needed
Prerequisites: Network access to the Veeam Backup & Replication server · WCF endpoint exposed on port 9401
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.7761
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact partial

Details

CISA KEV 2023-08-22
VulnCheck KEV 2023-04-26
InTheWild.io 2023-08-22
ENISA EUVD EUVD-2023-31287
Ransomware Use Confirmed
CWE
CWE-306
Status published
Products (3)
veeam/veeam_backup_\&_replication 11.0.1.1261 (4 CPE variants)
veeam/veeam_backup_\&_replication 12.0.0.1420
veeam/veeam_backup_\&_replication < 11.0.1.1261
Published Mar 10, 2023
KEV Added Aug 22, 2023
Tracked Since Feb 18, 2026