{“lastseen”:”2026-01-07T10:49:32″,”description”:”\\n\\nVeeam has released security updates to address multiple flaws in its Backup \\u0026 Replication software, including a \\”critical\\” issue that could result in remote code execution (RCE).\\n\\nThe vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.\\n\\n\\”This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter,\\” it said in a Tuesday bulletin.\\n\\nAccording to Veeam’s documentation, a user with a Backup Operator role can start and stop existing jobs; export backups; copy backups; and create VeeamZip backups. A Tape Operator user, on the other hand, can run tape backup jobs or tape catalog jobs; eject tapes; import and export tapes; move tapes to a media pool; copy or erase tapes; and set a tape password.\\n\\nIn other words, these roles are considered highly privileged, and organizations should already be taking adequate protections to prevent them from being misused.\\n\\n\\n\\nVeeam said it’s treating the shortcoming as \\”high severity\\” despite the CVSS score, stating the opportunity for exploitation is reduced if customers follow Veeam’s recommended Security Guidelines.\\n\\nAlso addressed by the company are three other vulnerabilities in the same product -\\n\\n * **CVE-2025-55125** (CVSS score: 7.2) – A vulnerability that allows a Backup or Tape Operator to perform RCE as root by creating a malicious backup configuration file\\n * **CVE-2025-59468** (CVSS score: 6.7) – A vulnerability that allows a Backup Administrator to perform RCE as the postgres user by sending a malicious password parameter\\n * **CVE-2025-59469** (CVSS score: 7.2) – A vulnerability that allows a Backup or Tape Operator to write files as root\\n\\n\\n\\nAll four identified vulnerabilities affect Veeam Backup \\u0026 Replication 13.0.1.180 and all earlier versions of 13 builds. They have been addressed in Backup \\u0026 Replication version 13.0.1.1071.\\n\\nWhile Veeam makes no mention of the flaws being exploited in the wild, it’s essential that users promptly apply the fixes, given that vulnerabilities in the software have been exploited by threat actors in the past.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-01-07T10:41:00″,”modified”:”2026-01-07T10:41:59″,”type”:”thn”,”title”:”Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup \\u0026 Replication”,”source”:””,”references”:””,”id”:”THN:F61430D8E29155D9C7FF9352642390CC”,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-55125″,”CVE-2025-59468″,”CVE-2025-59469″,”CVE-2025-59470″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/01\/veeam-patches-critical-rce.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-07T10:49:32″,”description”:”\\n\\nVeeam has released security updates to address multiple flaws in its Backup \\u0026 Replication software, including a \\”critical\\” issue that could result in remote code…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-34413","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n