Veeam has rolled out urgent security updates for its flagship Backup & Replication software, addressing a cluster of high-severity vulnerabilities discovered in its latest version. The patches squash four distinct bugs that could allow lower-level operators to execute remote code as root or the postgres user, effectively handing them full control over the backup infrastructure.
The vulnerabilities affect Version 13 specifically (builds 13.0.1.180 and earlier). In a stroke of good fortune for organizations slow to upgrade, Veeam confirmed that “Previous versions of Veeam Backup & Replication (i.e., 12.x and older) are not impacted”.
The most alarming issues center on the privileges granted to Backup or Tape Operators. While these roles are trusted to manage daily tasks, they shouldn’t have the keys to the kingdom. However, three of the four flaws allow these operators to break containment.
- CVE-2025-59470 (CVSS 9.0, adjusted to High): This critical flaw allows a Backup or Tape Operator to achieve Remote Code Execution (RCE) as the postgres user. Attackers exploit this by sending a “malicious interval or order parameter”.
  - Note: While the raw technical severity is a critical 9.0, Veeam downgraded the rating to High. The reasoning? These operators are already “considered highly privileged roles” and following security best practices reduces the attack surface.
- CVE-2025-55125 (CVSS 7.2): This vulnerability is a direct path to root. By creating a “malicious backup configuration file,” a Backup or Tape Operator can execute code with the highest possible system privileges.
- CVE-2025-59469 (CVSS 7.2): Another dangerous flaw for the same operator roles, allowing them to write arbitrary files as root, which is often a precursor to full system compromise.
The update also addresses a medium-severity bug, CVE-2025-59468 (CVSS 6.7), which affects the Backup Administrator role. An attacker with these credentials could achieve RCE as the postgres user by manipulating the “password parameter”.
Veeam credits its own internal testing processes for finding all four vulnerabilities, rather than external researchers.
Organizations running Veeam Backup & Replication v13 are urged to upgrade immediately to build 13.0.1.1071 to close these security gaps.
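A small triage helper for an inventory of Veeam servers, added here as an illustration and not Veeam's own tooling; it encodes only the scope stated above (13.0.1.180 and earlier affected, 13.0.1.1071 fixed, 12.x and older not impacted) and shows why build numbers must be compared numerically rather than as strings. Host names and the 12.x build are constructed sample values.

```python
"""Classify Veeam Backup & Replication builds against the advisory scope.

Constructed example. Facts taken from the advisory text: v13 builds
13.0.1.180 and earlier are affected, the fixed build is 13.0.1.1071,
and 12.x and older are not impacted. Builds between those two v13
numbers are not described by the advisory, so they are reported as unknown.
"""
import re

LAST_AFFECTED_BUILD = (13, 0, 1, 180)
FIXED_BUILD = (13, 0, 1, 1071)


def parse_build(build: str) -> tuple[int, ...]:
    """Turn '13.0.1.180' into (13, 0, 1, 180).

    Integer tuples are required: as plain strings '13.0.1.180' sorts
    after '13.0.1.1071' (because '8' > '0'), which would wrongly mark
    the fixed build as older than the vulnerable one.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", build):
        raise ValueError(f"not a dotted build number: {build!r}")
    return tuple(int(part) for part in build.split("."))


def assess(build: str) -> str:
    """Return 'not-affected', 'affected', 'unknown' or 'patched'."""
    version = parse_build(build)
    if version[0] < 13:
        return "not-affected"  # 12.x and older are out of scope
    if version <= LAST_AFFECTED_BUILD:
        return "affected"      # 13.0.1.180 and earlier
    if version < FIXED_BUILD:
        return "unknown"       # v13 build the advisory does not describe
    return "patched"           # 13.0.1.1071 or later


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map host name -> status for a constructed inventory of servers."""
    return {host: assess(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and the 12.x build are made up.
    sample = {
        "vbr-prod-01": "13.0.1.180",
        "vbr-prod-02": "13.0.1.1071",
        "vbr-legacy-01": "12.3.0.1",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```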