Several Code Execution Flaws Patched in Veeam Backup & Replication

Posted on By CWS

Veeam introduced on Tuesday that an replace launched for its Backup & Replication answer patches a number of vulnerabilities that may be exploited for distant code execution. 

The safety holes impression Veeam Backup & Replication 13.0.1.180 and earlier, and so they have been fastened with the discharge of model 13.0.1.1071

One of many vulnerabilities is CVE-2025-59470, which might be exploited by an attacker with ‘backup’ or ‘tape operator’ privileges for distant code execution because the ‘postgres’ person by leveraging specifically crafted parameters.

The flaw has a essential severity primarily based on its CVSS rating, however Veeam adjusted the severity to excessive as a result of the roles required for exploitation are thought of extremely privileged. 

A excessive severity ranking has additionally been assigned to CVE-2025-55125, which permits an attacker with ‘tape operator’ or ‘backup’ privileges to execute arbitrary code as root utilizing malicious backup configuration recordsdata.

CVE-2025-59469, one other high-severity difficulty, requires the identical kinds of privileges and permits an attacker to jot down recordsdata to the system as root.Commercial. Scroll to proceed studying.

The final vulnerability, CVE-2025-59468, permits an attacker with ‘backup administrator’ privileges to carry out distant code execution.

All of those vulnerabilities had been found internally by Veeam and there’s no indication that they’ve been exploited within the wild.

Nevertheless, it’s vital for organizations to handle the issues, because it’s not unusual for menace actors to focus on Veeam Backup & Replication of their assaults.

CISA’s Recognized Exploited Vulnerabilities (KEV) catalog consists of 4 weaknesses discovered within the product lately, together with CVE-2024-40711 and CVE-2023-27532, each exploited in ransomware assaults. 

Associated: Veeam Patches Vital Vulnerability in Backup & Replication

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Veeam Warns of Vital Vulnerability in Service Supplier Console

Security Week News Tags:, , , , , ,

Related Posts

Rowhammer Attack Demonstrated Against DDR5 Security Week News
ConductorOne Raises $79 Million in Series B Funding Security Week News
US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups Security Week News
Fog Ransomware Attack Employs Unusual Tools Security Week News
Madhu Gottumukkala Officially Appointed CISA Deputy Director Security Week News
Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers Security Week News