New Veeam vulnerabilities expose backup servers to RCE attacks

Published:

7 januari 2026 om 13:06:11

Alert date:

7 januari 2026 om 14:02:13

Source:

bleepingcomputer.com

Enterprise Applications, Ransomware & Malware, Zero-Day Vulnerabilities

Veeam released security updates to address multiple security flaws in its Backup & Replication software, including a critical remote code execution vulnerability that could allow attackers to compromise backup servers. The vulnerabilities pose significant risks to organizations relying on Veeam for backup and disaster recovery operations.

Technical details

Veeam released security updates to patch multiple security flaws in its Backup & Replication software. CVE-2025-59470 is a critical RCE vulnerability that allows a Backup or Tape Operator to perform remote code execution as the postgres user by sending a malicious interval or order parameter. The vulnerability affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds. Two additional vulnerabilities were patched: CVE-2025-55125 (high-severity) enables RCE by creating a malicious backup configuration file, and CVE-2025-59468 (medium-severity) enables RCE by sending a malicious password parameter. All require Backup or Tape Operator roles for exploitation.

Mitigation steps:

Update to Veeam Backup & Replication version 13.0.1.1071 released on January 6 to patch the vulnerabilities. Follow Veeam's recommended Security Guidelines to reduce exploitability. Protect Backup and Tape Operator roles as highly privileged roles.

Affected products:

Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds