Several Code Execution Flaws Patched in Veeam Backup & Replication

Several Code Execution Flaws Patched in Veeam Backup & Replication

Posted on By CWS

Veeam introduced on Tuesday that an replace launched for its Backup & Replication answer patches a number of vulnerabilities that may be exploited for distant code execution. 

The safety holes impression Veeam Backup & Replication 13.0.1.180 and earlier, and so they have been fastened with the discharge of model 13.0.1.1071

One of many vulnerabilities is CVE-2025-59470, which might be exploited by an attacker with ‘backup’ or ‘tape operator’ privileges for distant code execution because the ‘postgres’ person by leveraging specifically crafted parameters.

The flaw has a essential severity primarily based on its CVSS rating, however Veeam adjusted the severity to excessive as a result of the roles required for exploitation are thought of extremely privileged. 

A excessive severity ranking has additionally been assigned to CVE-2025-55125, which permits an attacker with ‘tape operator’ or ‘backup’ privileges to execute arbitrary code as root utilizing malicious backup configuration recordsdata.

CVE-2025-59469, one other high-severity difficulty, requires the identical kinds of privileges and permits an attacker to jot down recordsdata to the system as root.Commercial. Scroll to proceed studying.

The final vulnerability, CVE-2025-59468, permits an attacker with ‘backup administrator’ privileges to carry out distant code execution.

All of those vulnerabilities had been found internally by Veeam and there’s no indication that they’ve been exploited within the wild.

Nevertheless, it’s vital for organizations to handle the issues, because it’s not unusual for menace actors to focus on Veeam Backup & Replication of their assaults.

CISA’s Recognized Exploited Vulnerabilities (KEV) catalog consists of 4 weaknesses discovered within the product lately, together with CVE-2024-40711 and CVE-2023-27532, each exploited in ransomware assaults. 

Associated: Veeam Patches Vital Vulnerability in Backup & Replication

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Veeam Warns of Vital Vulnerability in Service Supplier Console

Security Week News Tags:, , , , , ,

Related Posts

Red Teaming AI: The Build Vs Buy Debate Red Teaming AI: The Build Vs Buy Debate Security Week News
What Makes a Great Field CXO: Lessons from the Front Lines What Makes a Great Field CXO: Lessons from the Front Lines Security Week News
Airrived Secures .1 Million for AI-Powered Operations Airrived Secures $6.1 Million for AI-Powered Operations Security Week News
Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up Stragglers From Myanmar Scam Center Raided by Army Cross Into Thailand as Buildings are Blown Up Security Week News
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure Security Week News
Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform Security Week News