Veeam RCE Exploit Allegedly Listed for Sale on Dark Web

A new dark web marketplace listing has sparked alarm in the cybersecurity community after a seller using the handle “SebastianPereiro” purportedly advertised a remote code execution (RCE) exploit targeting Veeam Backup & Replication platforms.

The alleged exploit, marketed as the “Bug of June 2025,” is claimed to affect certain versions of Veeam 12.x series, specifically including builds 12.1, 12.2, 12.3, and 12.3.1.

According to the advertisement, the flaw centers around systems that are integrated with Active Directory, meaning that exploitation requires access to any legitimate Active Directory credential.

The listing appeared on a well-known dark web forum, with the seller stating unequivocally that no public code or proof-of-concept (PoC) exists anywhere for this vulnerability.

This detail signals that, if genuine, the exploit remains in the hands of private actors and unavailable to the public or mainstream security researchers.

The seller requested ...