

Ethical Hacking News

Veeam Addresses Critical RCE Flaw and Other Security Vulnerabilities in Backup & Replication Software



Veeam has recently addressed critical security vulnerabilities in its Backup & Replication software, including a Remote Code Execution (RCE) flaw rated CVSS 9.0. The most severe vulnerability allows a Backup or Tape Operator to perform RCE as the postgres user by abusing malicious interval or order parameters.

  • Veeam has addressed critical security vulnerabilities in its Backup & Replication software.
  • The most severe vulnerability, CVE-2025-59470, is a Remote Code Execution (RCE) flaw rated CVSS 9.0.
  • Three other vulnerabilities were also patched: RCE as root via malicious backup, RCE as postgres via password, and file write as root.
  • The discovery highlights the importance of regular software updates and patching.
  • Users should keep their software up to date and follow security best practices to prevent exploitation.
  • Responsible disclosure by cybersecurity researchers is crucial to protect users and prevent potential attacks.



    Veeam, a leading provider of data protection solutions, has recently addressed several critical security vulnerabilities in its Backup & Replication software. According to the company's official advisory, the vulnerabilities were discovered during internal testing and have been patched in version 13.0.1.1071.

    The most severe vulnerability, tracked as CVE-2025-59470, is a Remote Code Execution (RCE) flaw rated CVSS 9.0. This critical issue allows a Backup or Tape Operator to perform RCE as the postgres user by abusing malicious interval or order parameters. The vulnerability was downgraded from Critical to High severity because Backup and Tape Operator roles are highly privileged, and following security guidelines lowers exploitability.

    In addition to the CVE-2025-59470 vulnerability, Veeam has also addressed three other vulnerabilities: RCE as root via malicious backup (CVE-2025-55125, CVSS score of 7.2), RCE as postgres via password (CVE-2025-59468, CVSS score of 6.7), and file write as root (CVE-2025-59469, CVSS score of 7.2). These vulnerabilities were also patched in version 13.0.1.1071.
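
    The fixed build named above can be turned into an inventory check. The following is an added example, not code from Veeam or from this article; the hostnames and sample build strings are constructed, and sending non-13.x builds to the vendor advisory is an assumption made because the article names a fix only for the 13.x line.

```python
import re

# Fixed build and CVE list are taken from the article above.
FIXED_BUILD = (13, 0, 1, 1071)
PATCHED_CVES = ("CVE-2025-59470", "CVE-2025-55125",
                "CVE-2025-59468", "CVE-2025-59469")

_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_build(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if unparseable."""
    m = _BUILD_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(build_text):
    """Classify one reported build string against the fixed build."""
    build = parse_build(build_text)
    if build is None:
        return "unknown"  # inventory data needs manual follow-up
    if build[0] != FIXED_BUILD[0]:
        # Assumption: the article only names a fix for the 13.x line, so
        # other major versions are referred to the advisory, not guessed.
        return "check-advisory"
    # Tuples compare numerically, so 13.0.1.180 sorts below 13.0.1.1071.
    return "patched" if build >= FIXED_BUILD else "update-required"

def report(inventory):
    """Return (host -> status, hosts needing action ordered by urgency)."""
    status = {host: triage(b) for host, b in inventory.items()}
    order = {"update-required": 0, "unknown": 1, "check-advisory": 2}
    todo = sorted((h for h, s in status.items() if s in order),
                  key=lambda h: (order[status[h]], h))
    return status, todo

# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE = {
    "vbr-01": "13.0.1.1071",
    "vbr-02": "13.0.0.4967",
    "vbr-03": "13.0.1.180 (hotfix)",
    "vbr-04": "12.3.2.3617",
    "vbr-05": "n/a",
}

if __name__ == "__main__":
    status, todo = report(SAMPLE)
    fixed = ".".join(map(str, FIXED_BUILD))
    for host in todo:
        print(f"{host}: {status[host]} (fixed build {fixed}; "
              f"{', '.join(PATCHED_CVES)})")
```

    Comparing the four build components as integers matters here: a plain string comparison would rank 13.0.1.180 above 13.0.1.1071 and report an unpatched server as current.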

    The discovery of these critical security vulnerabilities highlights the importance of regular software updates and patching. As stated by Veeam, "the issue was downgraded to High severity" because Backup and Tape Operator roles are highly privileged, and following security guidelines lowers exploitability. However, this does not mean that users should take their security posture lightly.

    The recent patch from Veeam serves as a reminder that even seemingly secure software can have critical vulnerabilities waiting to be exploited. As cybersecurity experts would say, "a vulnerability is not considered 'fixed' until it has been confirmed by the vendor and tested by multiple third-party organizations."

    In light of this, it is essential for users to keep their software up to date and to follow security best practices. This includes regularly monitoring system logs, implementing strict access controls, and conducting regular vulnerability assessments.

    Furthermore, the patch from Veeam also underscores the importance of responsible disclosure. As cybersecurity researchers, we have a duty to report vulnerabilities to vendors and help fix them before they can be exploited by malicious actors. This not only helps protect users but also prevents potential attacks that could have been launched using these vulnerabilities.

    In conclusion, the recent patch from Veeam highlights the ongoing battle against cyber threats. As software providers continue to address new security vulnerabilities, it is essential for users to stay vigilant and take proactive steps to protect their systems.




  • Published: Wed Jan 7 07:00:35 2026 by llama3.2 3B Q4_K_M












