By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) • BoredReading.com

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)

from watchTowr Labs [alt+shift+b] in technology

It’s us again! Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in yet another backup and replication solution.. While we would

a month ago

Remove from reading list Add to reading list [alt+a] Read now [→]

Improve your reading experience

Logged in users get linked directly to articles resulting in a better reading experience. Please login for free, it takes less than 1 minute.

More from watchTowr Labs

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from

2 weeks ago • 12 votes

XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

We know what you’re waiting for - this isn’t it. Today, we’re back with more tales of our adventures in Kentico’s Xperience CMS. Due to it’s wide usage, the type of solution, and the types of enterprises using this solution

2 weeks ago • 16 votes

Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS

I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’. Joining the team, I wanted to maintain the trail of destruction left by the watchTowr Labs team,

a month ago • 17 votes

The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)

As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates - disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really to ensure that no one ever

a month ago • 22 votes

More in technology

Deepfakes and Thirst Traps

Novel media technology is changing the nature of political communication.

14 hours ago • 3 votes

Stunts are getting their Oscar in 2028

Academy Of Motion Picture Arts And Sciences: Academy Establishes Stunt Design Award for 100th Oscars The Board of Governors of the Academy of Motion Picture Arts and Sciences announced today the creation of an annual competitive Academy Award® for Achievement in Stunt Design, beginning with the 100th Academy Awards&

17 hours ago • 2 votes

Unix Review Interviews Sun Co-Founder Bill Joy (1994)

A lot of talk about editors and the future

17 hours ago • 2 votes

Apple hits a major milestone in greenhouse emissions

Apple Newsroom: Apple Surpasses 60 Percent Reduction in Global Greenhouse Gas Emissions Apple today announced that the company has surpassed a 60 percent reduction in its global greenhouse gas emissions compared to 2015 levels, as part of its Apple 2030 goal to become carbon neutral across its entire footprint in

18 hours ago • 2 votes

This machine helps to experimentally find an estimation of absolute zero

How can we ever really know anything? If you listen to the anti-science types, you might believe that we can’t. But if you get past Plato’s Allegory of the Cave, you can start identifying basic truths, through logic and experiments, on which to build upon. One important foundational building block is absolute zero. Most of […] The post This machine helps to experimentally find an estimation of absolute zero appeared first on Arduino Blog.

10 hours ago • 1 votes

New here?