Veeam Security Advisory on Resolved Vulnerabilities in Veeam Backup & Replication 13.0.1.1071
CVE-2025-55125, CVE-2025-59468, CVE-2025-59469, and CVE-2025-59470 vulnerabilities
This is a Press Release edited by StorageNewsletter.com on January 9, 2026 at 2:00 pm
Veeam Software, Inc. had published a security advisory concerning resolved vulnerabilities.
KB ID: 4792
Product: Veeam Backup & Replication | 13
Published: 2026-01-06
Last Modified: 2026-01-06
Issue Details
All vulnerabilities disclosed in this article affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.
Note: Previous versions of Veeam Backup & Replication (i.e., 12.x and older) are not impacted by these vulnerabilities.
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Severity: High
CVSS v3.1 Score: 7.2
Source: Discovered during internal testing.
CVE-2025-59468
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.
Severity: Medium
CVSS v3.1 Score: 6.7
Source: Discovered during internal testing.
CVE-2025-59469
This vulnerability allows a Backup or Tape Operator to write files as root.
Severity: High
CVSS v3.1 Score: 7.2
Source: Discovered during internal testing.
CVE-2025-59470
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Adjusted Severity (*): High
CVSS Severity: Critical
CVSS v3.1 Score: 9.0
Source: Discovered during internal testing.
(*) Reason for Adjustment: The Backup and Tape Operator roles are considered highly privileged roles and should be protected as such. Following Veeam’s recommended Security Guidelines further reduces the opportunity for exploitability. Due to these factors affecting the temporal and environmental vectors of CVSS, Veeam has adjusted its response to this vulnerability to align with that of a High severity rating.
Solution
These vulnerabilities were fixed starting with the following build:






