Veeam and BeyondTrust released patches for critical and high-severity flaws that could allow remote code execution. BeyondTrust fixed CVE-2025-5309 (CVSS 8.6), a server-side template injection in RS and PRA products exploitable without authentication. Veeam addressed CVE-2025-23121 (CVSS 9.9) and other bugs in Backup & Replication 12.3.2, urging users to update immediately despite no current exploitation reports.