Veeam has recently identified four critical vulnerabilities in its Backup & Replication suite, particularly in version 13. The company has promptly issued a patch to address these issues, which could allow individuals with certain administrative roles to execute remote code and manipulate backup configuration files.
Among the vulnerabilities, CVE-2025-59470 has a criticality score of 9. It enables an unauthorized user to execute malicious commands through specific parameters. Other issues include the ability to write files as the root user and perform remote code execution through malicious backup config files.
The patch update, version 13.0.1.1071, is described as easy to install and non-disruptive. Veeam’s vice-president of product strategy, Rick Vanover, assured that despite the severity of the vulnerabilities, the immutable nature of backups prevents data destruction.
However, Veeam advises users to audit their backup configuration files and monitor backup jobs closely, especially if they haven’t been updated for some time. Security experts stress the importance of regularly auditing backup systems, which are common targets for attackers, particularly in ransomware attacks. Administrators should review access controls and watch for unusual activity that may indicate a security breach.
For more details, you can refer to Veeam’s official vulnerability announcement.