Veeam has released a critical security update for its Backup & Replication software to address multiple high-severity vulnerabilities.
The most concerning of these flaws could allow attackers to execute remote code with root-level privileges, potentially granting them full control over affected systems.
These vulnerabilities specifically affect Veeam Backup & Replication version 13.0.1.180 and all earlier version 13 builds.
Veeam has confirmed that earlier versions, including the widely used 12.x branch, are not impacted by these issues.
Technical Risks
The disclosed vulnerabilities were discovered during internal testing and pose significant risks to backup infrastructure.
The flaws allow authenticated users with specific roles such as Backup or Tape Operators to escalate their privileges.
One critical flaw, CVE-2025-59470, carries a CVSS score of 9.0 (Critical). It allows a Backup or Tape Operator to execute remote code as the postgres user by manipulating interval parameters.
However, Veeam has adjusted the severity rating to “High” because exploitation requires access to highly privileged roles, which should already be restricted in a secure environment.
Another severe issue, CVE-2025-55125, allows operators to achieve Remote Code Execution (RCE) as root by crafting a malicious backup configuration file.
| CVE ID | Severity | CVSS Score | Description |
| --- | --- | --- | --- |
| CVE-2025-55125 | High | 7.2 | Allows Backup/Tape Operators to perform RCE as root via malicious config files. |
| CVE-2025-59468 | Medium | 6.7 | Allows Backup Admins to perform RCE as the postgres user via malicious password parameters. |
| CVE-2025-59469 | High | 7.2 | Allows Backup/Tape Operators to write files as root. |
| CVE-2025-59470 | High | 9.0 | Allows Backup/Tape Operators to perform RCE as the postgres user via malicious parameters. |
Veeam urges all customers running version 13 to update immediately to prevent potential exploitation. These vulnerabilities have been resolved in the following build:
- Fixed Version: Veeam Backup & Replication 13.0.1.1071
Administrators should download the update from the official Veeam Knowledge Base (KB4738) and review their user role assignments to ensure least-privilege access is enforced.
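The following triage script is an added example, not code from Veeam or from this article: it classifies build numbers against the two builds named above and lists which accounts hold a role that each CVE in the table requires. The inventory, hostnames, accounts, role labels and the 12.x build string are constructed, and treating builds between 13.0.1.180 and 13.0.1.1071 as "unconfirmed" is an assumption.

```python
LAST_AFFECTED = (13, 0, 1, 180)   # advisory: this build and earlier 13.x are affected
FIXED_BUILD = (13, 0, 1, 1071)    # advisory: build that resolves the issues

# Role each CVE requires, taken from the table above (labels as the article words them).
CVE_ROLES = {
    "CVE-2025-55125": {"Backup Operator", "Tape Operator"},
    "CVE-2025-59468": {"Backup Admin"},
    "CVE-2025-59469": {"Backup Operator", "Tape Operator"},
    "CVE-2025-59470": {"Backup Operator", "Tape Operator"},
}

def parse_build(text):
    # Compare as integers: as raw strings, '13.0.1.180' sorts after '13.0.1.1071'.
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected build string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(build_text):
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unparseable"
    if build[0] < 13:
        return "not-impacted"      # advisory: earlier versions such as 12.x
    if build[0] > 13:
        return "not-covered"       # outside what the advisory describes
    if build >= FIXED_BUILD:
        return "fixed"
    if build <= LAST_AFFECTED:
        return "affected"
    return "unconfirmed"           # assumption: between the two named builds

def exposure(server):
    """Return (status, {cve: [accounts holding a role that CVE requires]})."""
    status = classify(server["build"])
    if status in ("fixed", "not-impacted"):
        return status, {}
    reach = {c: sorted(a for a, r in server["roles"].items() if r in need) for c, need in CVE_ROLES.items()}
    return status, {c: accts for c, accts in reach.items() if accts}

# Constructed inventory: hostnames, accounts and the 12.x build are hypothetical.
INVENTORY = [
    {"host": "vbr-01", "build": "13.0.1.180", "roles": {"svc-tape": "Tape Operator", "alice": "Backup Admin"}},
    {"host": "vbr-02", "build": "13.0.1.1071", "roles": {"bob": "Backup Operator"}},
    {"host": "vbr-03", "build": "12.0.0.1", "roles": {"carol": "Backup Operator"}},
]
for s in INVENTORY:
    print(s["host"], *exposure(s))
```

Servers reported as "affected" or "unconfirmed" are the ones to update first, and the account lists show where role assignments should be reviewed.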
