
New Veeam vulnerabilities expose backup servers to RCE assaults

Veeam has released security updates to patch several security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability.

Tracked as CVE-2025-59470, this RCE flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.

"This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter," Veeam explained in a Tuesday advisory.


However, the company adjusted its rating to high severity because the flaw can only be exploited by attackers who already hold the Backup or Tape Operator role.

"The Backup and Tape Operator roles are considered highly privileged roles and should be protected as such. Following Veeam's recommended Security Guidelines further reduces the risk of exploitability," it added.

Veeam released version 13.0.1.1071 on January 6 to patch CVE-2025-59470 and to address two other vulnerabilities, one high-severity (CVE-2025-55125) and one medium-severity (CVE-2025-59468), that allow malicious backup or tape operators to gain remote code execution by creating a malicious backup configuration file or by sending a malicious password parameter, respectively.
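The two build numbers the article gives, 13.0.1.180 (affected, along with all earlier version 13 builds) and 13.0.1.1071 (fixed), are all a defender needs to triage an inventory of VBR servers. The script below is an added example written for this page, not code from Veeam or from the article; the hostnames and the non-article build numbers in its sample inventory are constructed, and it deliberately reports anything outside major version 13 as out of scope rather than guessing, because the article only speaks to version 13. The point worth seeing is that the build numbers must be compared numerically, component by component: a plain string comparison puts "13.0.1.180" after "13.0.1.1071" and would mark the vulnerable build as patched.

```python
# Added example (not from the article or Veeam): triage installed
# Veeam Backup & Replication builds against the range named for CVE-2025-59470.
# Facts used from the article: 13.0.1.180 and all earlier version 13 builds
# are affected; 13.0.1.1071 carries the fix. Other major versions are
# reported as out of scope, since the article does not cover them.
from __future__ import annotations

FIXED_BUILD = "13.0.1.1071"   # patched build named in the article
AFFECTED_MAJOR = 13           # the article only speaks to version 13 builds


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '13.0.1.180' into (13, 0, 1, 180); reject non-numeric input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: tuple[int, ...], b: tuple[int, ...]) -> int:
    """Component-wise numeric comparison; returns -1, 0 or 1.

    The shorter tuple is padded with zeros so 13.0.1 == 13.0.1.0, and the
    comparison is numeric, so 13.0.1.180 < 13.0.1.1071 (a lexical string
    comparison would get this backwards because '8' > '1').
    """
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def assess(installed: str) -> str:
    """Classify one installed build as 'affected', 'patched' or 'out-of-scope'."""
    v = parse_version(installed)
    if v[0] != AFFECTED_MAJOR:
        return "out-of-scope"
    return "patched" if compare(v, parse_version(FIXED_BUILD)) >= 0 else "affected"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host in an inventory to its assessment."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and the builds other than the two
# named in the article are made up for this example.
SAMPLE_INVENTORY = {
    "vbr-01.example.internal": "13.0.1.180",    # build named as affected
    "vbr-02.example.internal": "13.0.1.1071",   # fixed build
    "vbr-03.example.internal": "13.0.0.999",    # constructed earlier v13 build
    "vbr-old.example.internal": "12.9.9.9",     # constructed non-v13 build
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:14} {status}")
```

In practice the inventory would come from whatever asset source records the VBR build on each host; the comparison logic is the part that is easy to get wrong and the part the example exercises.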


Veeam's Backup & Replication (VBR) enterprise data backup and recovery software creates copies of critical data and applications that can be quickly restored after cyberattacks, hardware failures, or disasters.

Veeam flaws targeted by ransomware gangs

VBR is particularly popular among mid-sized to large enterprises and managed service providers, but it is also frequently targeted by ransomware gangs, since it can serve as a quick pivot point for lateral movement within victims' environments.

Ransomware gangs have previously told BleepingComputer that they always target victims' VBR servers because doing so simplifies data theft and makes it easy to block recovery efforts by deleting backups before deploying ransomware payloads.

The Cuba ransomware gang and the financially motivated FIN7 threat group (which had previously collaborated with the Conti, REvil, Maze, Egregor, and BlackBasta ransomware gangs) have also been linked to attacks targeting VBR vulnerabilities in the past.

More recently, Sophos X-Ops incident responders revealed in November 2024 that Frag ransomware exploited another VBR RCE vulnerability (CVE-2024-40711) disclosed two months earlier. The same security flaw was also used in Akira and Fog ransomware attacks targeting vulnerable Veeam backup servers starting in October 2024.


Veeam's products are used by over 550,000 customers worldwide, including 74% of Global 2,000 companies and 82% of Fortune 500 corporations.
