
Veeam has released a security update that addresses multiple flaws in its backup and replication software, including a “critical” issue that could lead to remote code execution (RCE).
This vulnerability is tracked as CVE-2025-59470 and has a CVSS score of 9.0.
“This vulnerability allows a backup or tape operator to perform remote code execution (RCE) as the postgres user by sending malicious interval or ordering parameters,” Veeam said in Tuesday’s security bulletin.
According to Veeam documentation, users with the Backup Operator role can start and stop existing jobs, export backups, copy backups, and create VeeamZip backups. Users with the Tape Operator role, on the other hand, can run tape backup or tape catalog jobs, eject tapes, import and export tapes, move tapes between media pools, copy or erase tapes, and set tape passwords.
In other words, these roles are considered highly privileged and organizations should already have appropriate protections in place to prevent these roles from being misused.

Veeam said it is treating the flaw as “high severity” despite the CVSS score, and said the opportunity for exploitation will be reduced if customers follow Veeam’s recommended security guidelines.
The company also addressed three other vulnerabilities in the same product.
- CVE-2025-55125 (CVSS score: 7.2) – Vulnerability that allows backup or tape operators to execute RCE as root by creating a malicious backup configuration file
- CVE-2025-59468 (CVSS score: 6.7) – Vulnerability that allows backup administrators to execute RCE as the postgres user by submitting malicious password parameters
- CVE-2025-59469 (CVSS score: 7.2) – Vulnerability that allows backup or tape operators to write files as root
All four vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds. They are addressed in Veeam Backup & Replication version 13.0.1.1071.
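Because the affected and fixed builds differ only in the last dotted component, a naive string comparison gets them in the wrong order ("180" sorts after "1071"). The following triage script is an added example, not Veeam tooling or code from the article; it assumes only the version facts stated above (13.0.1.180 and earlier version 13 builds affected, 13.0.1.1071 fixed) and uses a constructed host inventory to show how a defender would flag servers that still need the update.

```python
from typing import Dict, Tuple

# Version facts as stated in the bulletin coverage above.
AFFECTED_MAJOR = 13
LAST_LISTED_AFFECTED_BUILD = "13.0.1.180"
FIRST_FIXED_BUILD = "13.0.1.1071"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '13.0.1.180' into (13, 0, 1, 180) for element-wise comparison.

    Tuples of ints compare numerically, so 13.0.1.180 < 13.0.1.1071 holds,
    whereas a plain string comparison would wrongly rank '180' above '1071'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess_build(installed: str) -> str:
    """Classify an installed Veeam Backup & Replication build.

    Returns one of:
      'fixed'           - 13.0.1.1071 or later
      'affected'        - a version 13 build at or below 13.0.1.180
      'update-required' - a version 13 build above 13.0.1.180 but below the fix;
                          the bulletin does not enumerate these, so treat as unpatched
      'out-of-scope'    - not a version 13 build (not covered by this bulletin)
    """
    v = parse_version(installed)
    if v[0] != AFFECTED_MAJOR:
        return "out-of-scope"
    if v >= parse_version(FIRST_FIXED_BUILD):
        return "fixed"
    if v <= parse_version(LAST_LISTED_AFFECTED_BUILD):
        return "affected"
    return "update-required"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in an inventory {hostname: build} to its classification."""
    return {host: assess_build(build) for host, build in inventory.items()}


def hosts_needing_update(inventory: Dict[str, str]) -> list:
    """Hostnames whose build is 'affected' or 'update-required', sorted for reporting."""
    return sorted(h for h, status in triage(inventory).items()
                  if status in ("affected", "update-required"))


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up for the demo.
    sample = {
        "vbr-prod-01": "13.0.1.180",
        "vbr-prod-02": "13.0.1.1071",
        "vbr-lab-01": "13.0.0.42",
        "vbr-legacy-01": "12.0.0.1",
    }
    for host, status in triage(sample).items():
        print(f"{host:15} {sample[host]:14} {status}")
    print("needs update:", hosts_needing_update(sample))
```

The 'update-required' bucket exists because the bulletin names the last affected build and the first fixed build but says nothing about builds in between; a conservative inventory check treats anything below the fix as unpatched rather than guessing.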
Veeam did not mention which flaws are being exploited in the wild, but given that the software’s vulnerabilities have been exploited by threat actors in the past, it is important that users apply the fixes quickly.
