Veeam closes serious vulnerability in Backup & Replication, patch required
Briefly

"The most impactful vulnerability is registered as CVE-2025-59470 and affects version 13 of Veeam Backup & Replication up to and including build 13.0.1.180. This vulnerability allows a user with specific rights to remotely execute code under the postgres account. The cause lies in insufficient validation of certain parameters processed by the software. Although the vulnerability was initially rated as critical, Veeam later downgraded its severity to high."
"In early January, Veeam released version 13.0.1.1071, which addresses this vulnerability. Two other security issues were addressed in the same update. These include a high-impact vulnerability that allows exploitation via a manipulated backup configuration file and a medium-impact issue where a malicious parameter can lead to code execution. In all cases, an attacker must already have access to the backup environment."
Veeam Backup & Replication v13 up to and including build 13.0.1.180 contained multiple vulnerabilities that could allow privileged users to execute code under the postgres account, stemming from insufficient validation of certain parameters. The most impactful issue, CVE-2025-59470, can be exploited by accounts holding the Backup Operator or Tape Operator role. Its severity was downgraded from critical to high because exploitation requires one of those privileged roles. Version 13.0.1.1071 addresses CVE-2025-59470 together with two other issues: a high-impact vulnerability exploitable via a manipulated backup configuration file, and a medium-impact issue in which a malicious parameter can lead to code execution. In every case the attacker must already have access to the backup environment. Earlier major versions are not affected, and all known vulnerabilities are resolved in the new build.
Read at Techzine Global