

Ethical Hacking News

New Veeam Vulnerability Exposes Backup Servers to Critical Remote Code Execution Attacks




A critical remote code execution (RCE) vulnerability has been discovered in Veeam Backup & Replication software, affecting over 550,000 customers worldwide. The vulnerability allows attackers with certain privileges to gain unauthorized access to the system and execute malicious commands. Organizations are advised to review their installations and apply all necessary updates to address this risk.



  • Veeam has released security updates to address multiple vulnerabilities in its Backup & Replication software.
  • A remote code execution (RCE) flaw, tracked as CVE-2025-59470, affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.
  • The vulnerability allows a Backup or Tape Operator to perform remote code execution by sending a malicious interval or order parameter.
  • Veeam has adjusted the severity rating from high to moderate, as it can only be exploited by attackers with certain privileges.
  • A patch for CVE-2025-59470 was released on January 6, along with fixes for two other vulnerabilities.
  • Ransomware gangs have targeted VBR servers in the past, using them to steal data and block restoration efforts.
  • An earlier VBR RCE vulnerability (CVE-2024-40711) was exploited by Frag, Akira and Fog ransomware in attacks targeting vulnerable Veeam backup servers.
  • Over 550,000 customers worldwide rely on Veeam Backup & Replication, making this vulnerability a significant concern.



    Veeam, a leading provider of backup and disaster recovery solutions, has recently released security updates to address multiple vulnerabilities in its Backup & Replication software. The most critical of these vulnerabilities is a remote code execution (RCE) flaw, tracked as CVE-2025-59470, which affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.

    According to Veeam, this RCE vulnerability allows a Backup or Tape Operator to perform remote code execution by sending a malicious interval or order parameter. This means that an attacker with the appropriate privileges could potentially exploit this vulnerability to gain unauthorized access to the system and execute malicious commands.

    However, Veeam has adjusted its rating of this vulnerability from high severity to moderate severity, as it can only be exploited by attackers with the Backup or Tape Operator roles. The company also emphasized that following Veeam's recommended security guidelines further reduces the opportunity for exploitation.

    Veeam released version 13.0.1.1071 on January 6 to patch CVE-2025-59470 and to address two other vulnerabilities, one high-severity (CVE-2025-55125) and one medium-severity (CVE-2025-59468), that enable malicious backup or tape operators to gain remote code execution by creating a malicious backup configuration file or sending a malicious password parameter, respectively.

    Veeam's Backup & Replication enterprise data backup and recovery software is widely used by mid-sized to large enterprises and managed service providers. Unfortunately, this software has also been targeted by ransomware gangs in the past, who use it as a quick pivot point for lateral movement within victims' environments.

    Ransomware gangs have previously told BleepingComputer that they always target victims' VBR servers because it simplifies data theft and makes it easy to block restoration efforts by deleting backups before deploying ransomware payloads. The Cuba ransomware gang and the financially motivated FIN7 threat group, which had previously collaborated with other ransomware gangs, have also been linked to attacks targeting VBR vulnerabilities.

    More recently, Sophos X-Ops incident responders revealed in November 2024 that Frag ransomware exploited another VBR RCE vulnerability (CVE-2024-40711) disclosed two months earlier. The same security flaw was also used in Akira and Fog ransomware attacks targeting vulnerable Veeam backup servers starting in October 2024.

    The use of Veeam Backup & Replication by over 550,000 customers worldwide, including 74% of Global 2,000 firms and 82% of Fortune 500 companies, makes this vulnerability a significant concern. As organizations continue to rely on backup and disaster recovery solutions like Veeam, it's essential that they prioritize security and take proactive steps to address vulnerabilities before they can be exploited by attackers.

    In light of this new vulnerability, IT professionals and cybersecurity experts are advised to review their Veeam installations and ensure that all necessary updates have been applied. Additionally, organizations should consider implementing additional security measures, such as multi-factor authentication and monitoring for suspicious activity, to further reduce the risk of exploitation.
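
    One way to review an inventory against the builds named above, as an added example that is not Veeam's or this site's code: it compares build numbers numerically, because a plain string comparison sorts the patched 13.0.1.1071 before the affected 13.0.1.180. Host names and sample builds are constructed, and the status labels are this example's own.

```python
# Added example: triage Veeam Backup & Replication builds against the
# two version boundaries quoted in this article.
AFFECTED_MAX = (13, 0, 1, 180)   # last affected build named in the article
FIXED_MIN = (13, 0, 1, 1071)     # patched build named in the article


def parse_build(text):
    """Turn '13.0.1.180' into (13, 0, 1, 180); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def classify(build_text):
    """Return 'affected', 'patched', 'verify' or 'out-of-scope' for one build."""
    try:
        build = parse_build(build_text)
    except ValueError:
        return "verify"           # unreadable inventory entry: check by hand
    if build[0] != 13:
        return "out-of-scope"     # the article only speaks about version 13
    if build <= AFFECTED_MAX:
        return "affected"
    if build >= FIXED_MIN:
        return "patched"
    return "verify"               # between the two builds: article is silent


def triage(inventory):
    """Map each status to the sorted list of hosts that fall under it."""
    report = {}
    for host, build_text in inventory.items():
        report.setdefault(classify(build_text), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE_INVENTORY = {
    "vbr-hq-01": "13.0.1.180",
    "vbr-dr-02": "13.0.1.1071",
    "vbr-lab-03": "13.0.0.100",
    "vbr-old-04": "12.0.0.100",
    "vbr-new-05": "13.0.1.500",
    "vbr-bad-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

    Hosts reported as "verify" or "out-of-scope" are not cleared by this check; they need to be compared against the vendor advisory (https://www.veeam.com/kb4724).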

    As the threat landscape continues to evolve, it's essential that IT professionals and organizations stay vigilant and proactive in addressing emerging vulnerabilities like this one.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Veeam-Vulnerability-Exposes-Backup-Servers-to-Critical-Remote-Code-Execution-Attacks-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/

  • https://www.veeam.com/kb4724

  • https://nvd.nist.gov/vuln/detail/CVE-2025-59470

  • https://www.cvedetails.com/cve/CVE-2025-59470/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-55125

  • https://www.cvedetails.com/cve/CVE-2025-55125/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-59468

  • https://www.cvedetails.com/cve/CVE-2025-59468/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-40711

  • https://www.cvedetails.com/cve/CVE-2024-40711/


  • Published: Wed Jan 7 07:21:39 2026 by llama3.2 3B Q4_K_M












