Critical Veeam Backup & Replication Vulnerability: What It Is and How to Address It

MFG Alliance Limited, Fri, 09 Jan 2026 19:48:01 +0000
https://mfg.co.tz/critical-veeam-backup-replication-vulnerability-what-it-is-and-how-to-address-it/

Veeam has released important security updates for its Backup & Replication (VBR) software, addressing multiple security flaws—including a critical remote code execution (RCE) vulnerability that could threaten the integrity and availability of enterprise backups.

What Is the Vulnerability?

The critical flaw, tracked as CVE-2025-59470, affects Veeam Backup & Replication version 13.0.1.180 and all earlier builds of version 13. This vulnerability allows individuals with the Backup or Tape Operator roles to execute arbitrary code remotely as the postgres user on the affected server. By submitting specially crafted values in the “interval” or “order” parameters, an attacker could manipulate the application and gain command execution privileges at the database backend.

Although the flaw is rated “critical” due to its nature, the overall risk was later adjusted to “high.” Successful exploitation requires the attacker to already hold a highly privileged Backup or Tape Operator role, and these roles have broad access and control over backup operations and stored data.

Additional Vulnerabilities

The security update also addresses:

  • CVE-2025-55125 (high severity) – Enables remote code execution through the creation of a malicious backup configuration file.

  • CVE-2025-59468 (medium severity) – Allows RCE by manipulating a password parameter, again requiring backup operator privileges.

Why Is This Important?

Backup & Replication software is a critical component of enterprise data protection strategies. Any vulnerabilities in these systems can have devastating consequences, such as the loss of backup integrity, unauthorized access to sensitive data, and the inability to restore from backups after a cyberattack or system failure.

Backup systems are a common target for ransomware actors, because compromising them lets attackers erase backups before deploying ransomware, making recovery much harder for affected organizations. While this specific flaw requires insider or compromised account access with privileged backup roles, it underscores the importance of following security best practices and protecting all administrative accounts.

How to Remediate and Stay Secure

Upgrade Immediately
Users should update Veeam Backup & Replication to version 13.0.1.1071 or later, where these vulnerabilities have been patched. Delaying the upgrade leaves systems exposed to potential exploitation by malicious insiders or external attackers who manage to obtain privileged accounts.

Restrict Privileged Roles
Access to the Backup and Tape Operator roles should be limited on a strict need-to-know basis. Monitor the assignment and usage of privileged roles, and enforce strong authentication for all accounts.

Follow Security Best Practices

  • Regularly review and audit user roles and access.

  • Enable multi-factor authentication (MFA) for all privileged accounts.

  • Segment backup servers from general user systems and minimize network exposure.

  • Implement logging and alerting to detect suspicious activity within backup environments.

Next Steps

  • Immediately check your Veeam Backup & Replication deployment version.

  • Apply the latest security update without delay.

  • Review all privileged accounts and audit recent activities for signs of misuse or compromise.
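
The version check from the steps above, as an added example (not from the original post or from Veeam): it compares build numbers numerically against 13.0.1.1071, because a plain string comparison wrongly sorts 13.0.1.1071 before 13.0.1.180. The hostnames and the inventory are constructed, and how the build strings are collected from each server is assumed to happen elsewhere.

```python
# Added example: triage VBR build strings against the versions named in the advisory.
FIXED_BUILD = (13, 0, 1, 1071)  # first patched build, per the advisory


def parse_build(text):
    """Turn '13.0.1.180' into (13, 0, 1, 180); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def triage(build_text):
    """Classify one build string: 'upgrade', 'patched', 'out-of-scope' or 'unparsed'."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "unparsed"
    if build[0] != FIXED_BUILD[0]:
        # The advisory text only speaks about version 13 builds.
        return "out-of-scope"
    # Tuple comparison is numeric per component, so 1071 > 180 as intended.
    return "patched" if build >= FIXED_BUILD else "upgrade"


def triage_inventory(inventory):
    """Map {hostname: build string} to {hostname: status}."""
    return {host: triage(build) for host, build in inventory.items()}


# Constructed sample inventory; hostnames and the two non-advisory builds are made up.
SAMPLE_INVENTORY = {
    "vbr-dc1": "13.0.1.180",   # affected build named in the advisory
    "vbr-dc2": "13.0.1.1071",  # fixed build named in the advisory
    "vbr-lab": "13.0.0.100",   # constructed earlier v13 build
    "vbr-old": "12.0.0.100",   # constructed v12 build, not covered by the text
    "vbr-bad": "13.0.1",       # truncated value from a bad export
}

if __name__ == "__main__":
    # The pitfall: as strings, "1071" sorts before "180".
    print("string compare puts the fixed build first:", "13.0.1.1071" < "13.0.1.180")
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {SAMPLE_INVENTORY[host]:12} {status}")
```

Hosts reported as "unparsed" or "out-of-scope" still need a manual look; the script only answers the question the advisory text covers.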
