Several Code Execution Flaws Patched in Veeam Backup & Replication

Several Code Execution Flaws Patched in Veeam Backup & Replication

Posted on By CWS

Veeam introduced on Tuesday that an replace launched for its Backup & Replication answer patches a number of vulnerabilities that may be exploited for distant code execution. 

The safety holes impression Veeam Backup & Replication 13.0.1.180 and earlier, and so they have been fastened with the discharge of model 13.0.1.1071

One of many vulnerabilities is CVE-2025-59470, which might be exploited by an attacker with ‘backup’ or ‘tape operator’ privileges for distant code execution because the ‘postgres’ person by leveraging specifically crafted parameters.

The flaw has a essential severity primarily based on its CVSS rating, however Veeam adjusted the severity to excessive as a result of the roles required for exploitation are thought of extremely privileged. 

A excessive severity ranking has additionally been assigned to CVE-2025-55125, which permits an attacker with ‘tape operator’ or ‘backup’ privileges to execute arbitrary code as root utilizing malicious backup configuration recordsdata.

CVE-2025-59469, one other high-severity difficulty, requires the identical kinds of privileges and permits an attacker to jot down recordsdata to the system as root.Commercial. Scroll to proceed studying.

The final vulnerability, CVE-2025-59468, permits an attacker with ‘backup administrator’ privileges to carry out distant code execution.

All of those vulnerabilities had been found internally by Veeam and there’s no indication that they’ve been exploited within the wild.

Nevertheless, it’s vital for organizations to handle the issues, because it’s not unusual for menace actors to focus on Veeam Backup & Replication of their assaults.

CISA’s Recognized Exploited Vulnerabilities (KEV) catalog consists of 4 weaknesses discovered within the product lately, together with CVE-2024-40711 and CVE-2023-27532, each exploited in ransomware assaults. 

Associated: Veeam Patches Vital Vulnerability in Backup & Replication

Associated: Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Merchandise

Associated: Veeam Warns of Vital Vulnerability in Service Supplier Console

Security Week News Tags:, , , , , ,

Related Posts

iOS Exploit Kit Coruna Updates Past Exploits iOS Exploit Kit Coruna Updates Past Exploits Security Week News
Apple Updates iOS, macOS with Critical Security Fixes Apple Updates iOS, macOS with Critical Security Fixes Security Week News
OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks Security Week News
US Cyber Strategy Aims to Fortify National Security US Cyber Strategy Aims to Fortify National Security Security Week News
US Links Handala Hackers to Iranian Government US Links Handala Hackers to Iranian Government Security Week News
AppSignal Raises Million for Application Monitoring Solution AppSignal Raises $22 Million for Application Monitoring Solution Security Week News