Veeam, a prominent provider of data protection and disaster recovery solutions, has recently addressed multiple security vulnerabilities in its Backup & Replication software. These flaws could allow attackers to achieve remote code execution (RCE) and gain unauthorized access to affected systems. The most critical of them, CVE-2025-59470, carries a CVSS score of 9.0, which reflects its severity.
Vulnerability Details
The critical vulnerability (CVE-2025-59470) allows a Veeam Tape Operator to achieve remote code execution as the postgres user. This is possible by sending a malicious interval or order parameter. A Veeam Tape Operator is a user role with limited privileges, intended to manage tape-based backup operations without requiring full administrative rights.
In addition to CVE-2025-59470, Veeam also patched three other vulnerabilities:
- CVE-2025-55125: Remote code execution as root via malicious backup (CVSS score of 7.2)
- CVE-2025-59468: Remote code execution as postgres via password (CVSS score of 6.7)
- CVE-2025-59469: File write as root (CVSS score of 7.2)
Affected Products
The vulnerabilities affect Veeam Backup & Replication, a solution designed for data protection and disaster recovery across virtual, physical, and cloud-based workloads. The affected versions are 13.0.1.180 and all earlier version 13 builds.
Tactics, Techniques, and Procedures (TTPs)
Successful exploitation of these vulnerabilities could allow attackers to perform several malicious activities. Here’s a breakdown of the relevant Tactics and Techniques:
- TA0002 – Execution: The remote code execution vulnerabilities allow attackers to execute arbitrary code on the affected system.
- T1068 – Exploitation for Privilege Escalation: By exploiting these vulnerabilities, attackers can escalate their privileges to gain unauthorized access to sensitive data and system resources.
Mitigation & Recommendations
To address these vulnerabilities, Veeam has released patch version 13.0.1.1071 for Backup & Replication. Users are strongly advised to update their Veeam Backup & Replication installations to this version as soon as possible to mitigate the risks associated with these flaws.
According to Veeam, the Backup and Tape Operator roles are highly privileged. Adhering to security best practices can reduce the risk of exploitation.
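As an added example (not code from Veeam or from this advisory), the following Python inventory check classifies reported Backup & Replication build strings against the affected range and fixed build stated above. It compares builds as integer tuples rather than strings, and reports builds the advisory does not name (other major versions, or 13.x builds between 13.0.1.180 and 13.0.1.1071) as "not-covered" rather than as safe. The hostnames and build numbers in the sample inventory are constructed.

```python
"""Classify Veeam Backup & Replication builds against the advisory range.

Affected per the advisory: 13.0.1.180 and all earlier version 13 builds.
Fixed build: 13.0.1.1071. Anything the advisory does not name is reported
as 'not-covered' so that it is reviewed rather than silently treated as safe.
"""
from typing import Iterable, List, Tuple

LAST_AFFECTED = (13, 0, 1, 180)
FIXED = (13, 0, 1, 1071)


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn '13.0.1.180' into (13, 0, 1, 180) so builds compare numerically.

    A plain string comparison would rank '13.0.1.180' above '13.0.1.1071'
    because '8' > '1'; tuples of ints avoid that trap.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {version!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """Return 'affected', 'patched' or 'not-covered' for one build string."""
    build = parse_build(version)
    if build[0] != 13:
        return "not-covered"  # the advisory only speaks about 13.x builds
    if build <= LAST_AFFECTED:
        return "affected"
    if build >= FIXED:
        return "patched"
    # 13.x builds above 13.0.1.180 but below the fix are not named either way
    return "not-covered"


def hosts_needing_patch(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Filter (hostname, build) pairs down to hosts in the affected range."""
    return sorted(host for host, build in inventory if classify(build) == "affected")


# Constructed sample inventory: hostnames and build numbers are made up.
SAMPLE_INVENTORY = [
    ("vbr-prod-01", "13.0.1.180"),
    ("vbr-prod-02", "13.0.1.1071"),
    ("vbr-dr-01", "13.0.0.12"),
    ("vbr-legacy", "12.0.0.1"),
]

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: update to 13.0.1.1071")
```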
Instantly Fix Risks with Saner Patch Management
Saner patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. It supports major operating systems such as Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
