Veeam: Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam Patches Critical RCE Flaws in Backup & Replication Software

Veeam has released security updates that fix multiple vulnerabilities in its Backup & Replication software, including a critical remote code execution (RCE) flaw tracked as CVE-2025-59470 (CVSS 9.0). An authenticated user holding the Backup Operator or Tape Operator role (elevated, but not the top administrative role) can execute arbitrary code as the postgres user by supplying malicious interval or order parameters.

Veeam itself rates the issue High rather than Critical, despite the CVSS 9.0 score, on the grounds that exploitation requires an operator-level account and that the risk is mitigated when customers follow its recommended security guidelines. The company fixed three further flaws in the same product:

  • CVE-2025-55125 (CVSS 7.2) – Backup/Tape Operators can achieve RCE as root via a malicious backup configuration file.
  • CVE-2025-59468 (CVSS 6.7) – Backup Administrators can execute code as postgres using a crafted password parameter.
  • CVE-2025-59469 (CVSS 7.2) – Backup/Tape Operators can write files as root.

All four vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and earlier 13.x builds; the fixes ship in version 13.0.1.1071. There is no evidence of in-the-wild exploitation so far, but earlier Veeam flaws have been picked up by threat actors, so the update should be applied promptly. Because two of the flaws yield root and two yield postgres, the backup server itself, not just the backup data, is what an operator-level account compromise puts at stake.
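A quick way to turn the affected-range statement above into something you can run against an inventory is a build-number comparison. The script below is an added illustration, not Veeam tooling; it assumes the build string is the dotted numeric form Veeam prints (for example "13.0.1.180"), takes 13.0.1.1071 as the first patched build and, as the summary states, scopes the check to the 13.x line only. Hostnames and builds in the sample inventory are constructed.

```python
"""Flag Veeam Backup & Replication builds inside the affected range for
CVE-2025-59470, CVE-2025-55125, CVE-2025-59468 and CVE-2025-59469.

Added example, not Veeam's own code. Assumptions: dotted numeric build
strings, first fixed build 13.0.1.1071, only the 13.x line in scope
(all taken from the advisory summary above)."""

from typing import Dict, List, Tuple

AFFECTED_MAJOR = 13
FIXED_BUILD = (13, 0, 1, 1071)  # first build carrying the patches
CVES = ("CVE-2025-59470", "CVE-2025-55125", "CVE-2025-59468", "CVE-2025-59469")


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn "13.0.1.180" into (13, 0, 1, 180).

    Shorter strings are right-padded with zeros so "13.0.1" compares as
    13.0.1.0. Non-numeric input raises rather than being guessed at: a
    wrong "not affected" verdict is the expensive mistake here."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric build string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (len(FIXED_BUILD) - len(nums))


def is_affected(version: str) -> bool:
    """True when the build is a 13.x release older than the fixed build.

    Builds from other major lines return False only because this advisory
    says nothing about them; that is "out of scope", not "known safe"."""
    build = parse_build(version)
    return build[0] == AFFECTED_MAJOR and build < FIXED_BUILD


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map host -> CVEs still open for that host's build.

    Hosts whose version string cannot be parsed are tagged with a sentinel
    so they are never silently counted as patched."""
    result: Dict[str, List[str]] = {}
    for host, version in inventory.items():
        try:
            result[host] = list(CVES) if is_affected(version) else []
        except ValueError:
            result[host] = ["UNPARSEABLE_VERSION"]
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up.
    sample = {
        "vbr-prod-01": "13.0.1.180",   # last affected build named in the summary
        "vbr-prod-02": "13.0.1.1071",  # patched
        "vbr-lab-01": "13.0.0.5",      # older 13.x, affected
        "vbr-legacy": "12.0.0.1",      # not a 13.x build: out of this advisory's scope
        "vbr-unknown": "n/a",          # inventory gap, must not read as "patched"
    }
    for host, open_cves in triage(sample).items():
        status = "PATCH NOW: " + ", ".join(open_cves) if open_cves else "not in affected range"
        print(f"{host}: {status}")
```

Feed it the version strings your asset inventory already holds; the important design point is that parse failures and out-of-scope major versions are reported distinctly instead of both collapsing into "no open CVEs".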

Source: https://thehackernews.com/2026/01/veeam-patches-critical-rce.html

Veeam Software cybersecurity rating report: https://www.rankiteo.com/company/veeam-software

{
  "id": "VEE1767793059",
  "linkid": "veeam-software",
  "type": "Vulnerability",
  "date": "1/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'Users of Veeam Backup & '
                                              'Replication 13.0.1.180 and '
                                              'earlier versions',
                        'industry': 'Data Backup and Recovery Software',
                        'name': 'Veeam',
                        'type': 'Company'}],
 'attack_vector': 'Malicious parameters (interval, order, password) or backup '
                  'configuration files',
 'customer_advisories': 'Users of Veeam Backup & Replication 13.0.1.180 and '
                        'earlier versions should update to version '
                        '13.0.1.1071.',
 'description': 'Veeam has released security updates to address multiple flaws '
                'in its Backup & Replication software, including a critical '
                'vulnerability (CVE-2025-59470) that could result in remote '
                'code execution (RCE). Additional vulnerabilities '
                '(CVE-2025-55125, CVE-2025-59468, CVE-2025-59469) were also '
                'patched, allowing RCE or file write access under certain '
                'conditions.',
 'impact': {'operational_impact': 'Potential unauthorized remote code '
                                  'execution or file write access',
            'systems_affected': 'Veeam Backup & Replication software (versions '
                                '13.0.1.180 and earlier)'},
 'lessons_learned': "Organizations should follow Veeam's recommended Security "
                    'Guidelines to reduce exploitation risks. Highly '
                    'privileged roles (Backup/Tape Operator, Backup '
                    'Administrator) should be protected to prevent misuse.',
 'post_incident_analysis': {'corrective_actions': 'Patches released to address '
                                                  'input validation flaws and '
                                                  'restrict unauthorized RCE '
                                                  'or file write access.',
                            'root_causes': 'Insufficient input validation in '
                                           'Backup & Replication software, '
                                           'allowing malicious parameters or '
                                           'configuration files to execute '
                                           'unauthorized code.'},
 'recommendations': 'Apply the latest security updates (version 13.0.1.1071) '
                    'immediately. Monitor for signs of exploitation and '
                    'restrict access to privileged roles.',
 'references': [{'source': 'Veeam Security Bulletin'}],
 'response': {'communication_strategy': 'Security bulletin published',
              'containment_measures': 'Security updates released (version '
                                      '13.0.1.1071)',
              'remediation_measures': 'Apply patches to Veeam Backup & '
                                      'Replication software'},
 'title': 'Veeam Backup & Replication Software Vulnerabilities',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-59470',
                             'CVE-2025-55125',
                             'CVE-2025-59468',
                             'CVE-2025-59469']}