Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability.
Tracked as CVE-2025-59470, this RCE security flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.
āThis vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter,ā Veeam explainedĀ in a Tuesday advisory.
However, the information technology company adjusted its rating to high severity because it can only be exploited by attackers with the Backup or Tape Operator roles.
āThe Backup and Tape Operator roles are considered highly privileged roles and should be protected as such. Following Veeamās recommended Security Guidelines further reduces the opportunity for exploitability,ā it added.
VeeamĀ released version 13.0.1.1071Ā on January 6 to patch CVE-2025-59470 andĀ address two other high-severity (CVE-2025-55125) and medium-severity (CVE-2025-59468) vulnerabilitiesĀ that enable malicious backup or tape operators to gain remote code execution by creating a malicious backup configuration file orĀ sending a malicious password parameter, respectively.
Veeamās Backup & Replication (VBR) enterprise data backup and recovery software helps create copies of critical data and applications that can be quickly restored following cyberattacks, hardware failures, or disasters.
Veeam flaws targeted by ransomware gangs
VBR is particularly popular among mid-sized to large enterprises and managed service providers, but itās also often targeted by ransomware gangs, since it can serve as a quick pivot point for lateral movement within victimsā environments.
Ransomware gangs have previously told BleepingComputer that they always target victimsā VBR servers because it simplifies data theft and makes it easy to block restoration efforts by deleting backups before deploying ransomware payloads.
The Cuba ransomware gang and the financially motivated FIN7 threat group (which had previously collaborated with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware gangs) have also been linked to attacks targeting VBR vulnerabilities in the past.
More recently, Sophos X-Ops incident responders revealed in November 2024 that Frag ransomware exploited another VBR RCE vulnerability (CVE-2024-40711) disclosed two months earlier.Ā The same security flaw was also used in Akira and Fog ransomware attacks targeting vulnerable Veeam backup servers starting in October 2024.
Veeamās products are used by over 550,000 customers worldwide, including 74% of Global 2,000 firms and 82% of Fortune 500 companies.
The 2026 CISO Budget Benchmark
Itās budget season! Over 300 CISOs and security leaders have shared how theyāre planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.
