Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now

8 January 2026 17:12

Backups are generally considered the last line of defense, but this week Veeam reminded us that backup systems themselves can become entry points for attacks. The company released security updates for Backup & Replication, addressing several vulnerabilities, including a high-risk remote code execution issue.

The most notable of these vulnerabilities is CVE-2025-59470 (CVSS score: 9.0). According to Veeam’s description, an attacker with the Backup Operator or Tape Operator role can achieve RCE as the postgres user by passing malicious interval or order parameters.

Veeam notes in its bulletin that, despite the CVSS classification of “critical,” the company rates the vulnerability as high severity because the time window for exploitation is significantly reduced.

These roles carry a wide range of capabilities. For example, a Backup Operator can start and stop existing jobs, export and copy backups, and create VeeamZip backups. A Tape Operator manages tape operations: starting tape backups and cataloging jobs, importing and exporting tapes, erasing, setting passwords, and performing other actions. In other words, these are not “standard users,” and in a properly configured environment, access to these accounts should be as limited and controlled as possible.

In addition to CVE-2025-59470, three other vulnerabilities have been fixed in the same product: CVE-2025-55125 (CVSS score: 7.2) allows a Backup Operator or Tape Operator to obtain RCE as root via a malicious backup configuration file; CVE-2025-59468 (CVSS score: 6.7) allows a Backup Administrator to execute code as the postgres user via the password parameter; and CVE-2025-59469 (CVSS score: 7.2) allows a Backup Operator or Tape Operator to write to files as root.

All four issues affect Veeam Backup & Replication 13.0.1.180 and earlier builds of the 13 branch. The fixes were released in version 13.0.1.1071.
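
To check an inventory against the builds above, the comparison has to be numeric per component: compared as plain strings, 13.0.1.180 sorts after 13.0.1.1071 and a vulnerable server would be reported as patched. The following is an added example, not Veeam's or Red Hot Cyber's code; the hostnames, the inventory and the 12.x build are constructed, and treating every 13.x build below 13.0.1.1071 as needing the update is an assumption.

```python
import re

FIXED_BUILD = (13, 0, 1, 1071)  # fixed version named in the article
AFFECTED_BRANCH = 13            # the article lists only the 13 branch

# Constructed inventory (hostnames and the 12.x build are sample values).
SAMPLE_INVENTORY = {
    "vbr-hq-01": "13.0.1.180",
    "vbr-dr-02": "13.0.1.1071",
    "vbr-lab-03": "12.3.2.3617",
    "vbr-old-04": "13.0.1",
}


def parse_build(text):
    """Turn '13.0.1.180' into (13, 0, 1, 180); raise ValueError if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"unexpected build string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def classify(build_text):
    """Return 'update-required', 'fixed', 'not-covered' or 'unparseable'."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unparseable"
    if build[0] != AFFECTED_BRANCH:
        return "not-covered"  # the article makes no statement about other branches
    # Assumption: every 13.x build below the fixed one needs the update.
    # Tuples compare numerically; as strings, "13.0.1.180" sorts after "13.0.1.1071".
    return "update-required" if build < FIXED_BUILD else "fixed"


def triage(inventory):
    """Map each host to its status."""
    return {host: classify(build) for host, build in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {status}")
```
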

Veeam has not reported any exploits in real-world attacks, but it’s best not to delay updating given the interest of ransomware gangs in these products, as access to a backup server often means access to the entire recovery infrastructure.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.