Veeam announced on Tuesday that an update released for its Backup & Replication solution patches several vulnerabilities that can be exploited for remote code execution.
The security holes impact Veeam Backup & Replication 13.0.1.180 and earlier, and they have been fixed with the release of version 13.0.1.1071.
One of the vulnerabilities is CVE-2025-59470, which can be exploited by an attacker with ‘backup’ or ‘tape operator’ privileges for remote code execution as the ‘postgres’ user by leveraging specially crafted parameters.
The flaw has a critical severity based on its CVSS score, but Veeam adjusted the severity to high because the roles required for exploitation are considered highly privileged.
A high severity rating has also been assigned to CVE-2025-55125, which allows an attacker with ‘tape operator’ or ‘backup’ privileges to execute arbitrary code as root using malicious backup configuration files.
CVE-2025-59469, another high-severity issue, requires the same types of privileges and allows an attacker to write files to the system as root.
The last vulnerability, CVE-2025-59468, allows an attacker with ‘backup administrator’ privileges to perform remote code execution.
All of these vulnerabilities were discovered internally by Veeam and there is no indication that they have been exploited in the wild.
Nevertheless, it is important for organizations to address the issues, as it is not uncommon for threat actors to target Veeam Backup & Replication in their attacks.
CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including CVE-2024-40711 and CVE-2023-27532, both exploited in ransomware attacks.
