Cyber Web Spider Blog – News

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Posted on January 7, 2026 By CWS

Jan 07, 2026Ravie LakshmananVulnerability / Enterprise Safety
Veeam has launched safety updates to handle a number of flaws in its Backup & Replication software program, together with a “vital” difficulty that would lead to distant code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS rating of 9.0.
“This vulnerability permits a Backup or Tape Operator to carry out distant code execution (RCE) because the postgres person by sending a malicious interval or order parameter,” it mentioned in a Tuesday bulletin.
Based on Veeam’s documentation, a person with a Backup Operator function can begin and cease current jobs; export backups; copy backups; and create VeeamZip backups. A Tape Operator person, however, can run tape backup jobs or tape catalog jobs; eject tapes; import and export tapes; transfer tapes to a media pool; copy or erase tapes; and set a tape password.
In different phrases, these roles are thought of extremely privileged, and organizations ought to already be taking satisfactory protections to stop them from being misused.

Veeam said it's treating the flaw as "high severity" despite the CVSS score, stating the opportunity for exploitation is reduced if customers follow Veeam's recommended Security Guidelines.

Also addressed by the company are three other vulnerabilities in the same product –

  • CVE-2025-55125 (CVSS score: 7.2) – A vulnerability that allows a Backup or Tape Operator to perform RCE as root by creating a malicious backup configuration file
  • CVE-2025-59468 (CVSS score: 6.7) – A vulnerability that allows a Backup Administrator to perform RCE as the postgres user by sending a malicious password parameter
  • CVE-2025-59469 (CVSS score: 7.2) – A vulnerability that allows a Backup or Tape Operator to write files as root

All four identified vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds. They have been addressed in Backup & Replication version 13.0.1.1071.

While Veeam makes no mention of the flaws being exploited in the wild, it's essential that users promptly apply the fixes, given that vulnerabilities in the software have been exploited by threat actors in the past.
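
An added example (not from Veeam or the original article): a minimal inventory triage that classifies reported Backup & Replication build strings against the two build numbers quoted above. Hostnames and sample builds are constructed; builds are compared as integer tuples because a plain string comparison would sort 13.0.1.1071 before 13.0.1.180.

```python
import re

# Build numbers quoted in the article above.
LAST_AFFECTED = (13, 0, 1, 180)   # "13.0.1.180 and all earlier version 13 builds"
FIXED = (13, 0, 1, 1071)          # release that addresses all four CVEs
CVES = ("CVE-2025-59470", "CVE-2025-55125", "CVE-2025-59468", "CVE-2025-59469")

_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_build(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if it is not a build string."""
    m = _BUILD_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(build_text):
    """Map a reported build string to a patch status for this advisory."""
    build = parse_build(build_text)
    if build is None:
        return "unparseable"       # truncated or free-text value: check by hand
    if build[0] != 13:
        return "out-of-scope"      # the article only speaks about version 13 builds
    if build >= FIXED:             # tuple comparison, not string comparison
        return "fixed"
    if build <= LAST_AFFECTED:
        return "affected"
    return "below-fix"             # not listed in the article, but older than the fix


def triage(inventory):
    """Return ({host: status}, sorted hosts that need an update or a manual check)."""
    report = {host: classify(build) for host, build in inventory.items()}
    todo = sorted(h for h, s in report.items()
                  if s in ("affected", "below-fix", "unparseable"))
    return report, todo


# Constructed sample inventory (hostnames and builds other than the two above are made up).
SAMPLE = {"vbr-01": "13.0.1.180", "vbr-02": "13.0.1.1071", "vbr-03": "13.0.0.100",
          "vbr-04": "12.0.0.1", "vbr-05": "13.0.1"}

if __name__ == "__main__":
    report, todo = triage(SAMPLE)
    for host in sorted(report):
        print(f"{host}: {SAMPLE[host]} -> {report[host]}")
    print("needs attention:", ", ".join(todo), "| CVEs:", ", ".join(CVES))
```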

The Hacker News | Tags: Backup, Critical, CVSS, Patches, RCE, Replication, Veeam, Vulnerability
