Red Hot Cyber
Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now

8 January 2026 17:12

Backups are generally considered the last line of defense, but this week Veeam reminded us that backup systems themselves can become entry points for attacks. The company released security updates for Backup & Replication, addressing several vulnerabilities, including a high-risk remote code execution issue.

The most notable of these vulnerabilities has been assigned the identifier CVE-2025-59470 (CVSS score: 9.0). According to Veeam’s description, an attacker holding the Backup Operator or Tape Operator role can achieve remote code execution as the PostgreSQL user by passing malicious interval or order parameters.

Veeam notes in its bulletin that, despite the CVSS classification of “critical,” the company rates the vulnerability as high severity, because the time window for exploitation is significantly reduced.

These roles carry a wide range of capabilities. For example, a Backup Operator can start and stop existing jobs, export and copy backups, and create VeeamZip backups. A Tape Operator manages tape operations: starting tape backup and catalog jobs, importing and exporting tapes, erasing tapes, setting passwords, and performing other actions. In other words, these are not “standard users,” and in a properly configured environment, access to these accounts should be as limited and controlled as possible.

In addition to CVE-2025-59470, three other vulnerabilities have been fixed in the same product. CVE-2025-55125 (CVSS score: 7.2) allows a Backup Operator or Tape Operator to obtain RCE as root via a malicious backup configuration file.

Additionally, CVE-2025-59468 (CVSS score: 6.7) allows Backup Administrators to execute code as the postgres user via the password parameter, and CVE-2025-59469 (CVSS score: 7.2) allows a Backup Operator or Tape Operator to write to files as root.

All four issues affect Veeam Backup & Replication 13.0.1.180 and earlier builds of the 13 branch. The fixes were released in version 13.0.1.1071.
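The affected and fixed builds above are easy to misjudge when an inventory is compared as strings ("13.0.1.180" sorts after "13.0.1.1071" lexically). The following is an added example, not code from the article or from Veeam, that parses dotted build strings numerically and classifies each host. It uses only the two build numbers the article gives; the hostnames and versions in the sample inventory are constructed, and builds that fall between 13.0.1.180 and 13.0.1.1071 are, by assumption, treated as still needing the update until confirmed with the vendor.

```python
# Added example: classify Veeam Backup & Replication builds against the advisory.
# Build numbers below are the ones stated in the article; everything else is constructed.

FIXED_BUILD = (13, 0, 1, 1071)          # "The fixes were released in version 13.0.1.1071"
LAST_KNOWN_AFFECTED = (13, 0, 1, 180)   # "13.0.1.180 and earlier builds of the 13 branch"


def parse_build(version: str) -> tuple:
    """Parse a four-part dotted build string such as '13.0.1.180' into ints.

    Raises ValueError for anything that is not exactly four numeric components,
    so a malformed inventory entry is surfaced instead of silently mis-sorted.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return one of: 'patched', 'affected', 'assume-affected', 'out-of-scope'."""
    build = parse_build(version)
    if build[0] != 13:
        # The advisory on this page covers the 13 branch only.
        return "out-of-scope"
    if build >= FIXED_BUILD:
        return "patched"
    if build <= LAST_KNOWN_AFFECTED:
        return "affected"
    # Builds newer than 13.0.1.180 but older than the fix are not listed on the
    # page; assumption: treat them as unpatched until the vendor confirms otherwise.
    return "assume-affected"


def triage(inventory) -> dict:
    """Map each (hostname, version) pair to its status; bad strings are flagged, not skipped."""
    result = {}
    for host, version in inventory:
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown-version"
    return result


def string_compare_misorders() -> bool:
    """Demonstrates the pitfall: lexical comparison ranks build 180 above build 1071."""
    return "13.0.1.180" > "13.0.1.1071"


# Constructed sample inventory (hostnames and most versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("vbr-prod-01", "13.0.1.180"),    # last build the article lists as affected
    ("vbr-prod-02", "13.0.1.1071"),   # fixed build from the article
    ("vbr-lab-01", "13.0.1.500"),     # constructed in-between build
    ("vbr-old-01", "12.0.0.1"),       # constructed non-13 build, not covered here
    ("vbr-bad-01", "13.0.1"),         # constructed malformed entry
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
    print("lexical compare wrong:", string_compare_misorders())
```

Hosts reported as "affected" or "assume-affected" are the ones to schedule for the 13.0.1.1071 update; "unknown-version" entries should be re-inventoried rather than assumed safe.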

Veeam has not reported any exploits in real-world attacks, but it’s best not to delay updating given the interest of ransomware gangs in these products, as access to a backup server often means access to the entire recovery infrastructure.


Agostino Pellegrino
He is a freelancer, teacher and expert in Computer Forensics, Cyber Security, Ethical Hacking and Network Management. He has collaborated with leading educational institutions internationally and has taught and mentored advanced Offensive Security techniques for NATO, obtaining major awards from the U.S. Government. His motto is "Study. Always."
Areas of Expertise: Cybersecurity architecture, Threat intelligence, Digital forensics, Offensive security, Incident response & SOAR, Malware analysis, Compliance & frameworks