{"id":175243,"date":"2026-01-07T05:41:00","date_gmt":"2026-01-07T10:41:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/07\/veeam-patches-critical-rce-vulnerability-with-cvss-9-0-in-backup-replication\/"},"modified":"2026-01-07T07:40:09","modified_gmt":"2026-01-07T12:40:09","slug":"veeam-patches-critical-rce-vulnerability-with-cvss-9-0-in-backup-replication","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/07\/veeam-patches-critical-rce-vulnerability-with-cvss-9-0-in-backup-replication\/","title":{"rendered":"Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup &#038; Replication"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/veeam-patches-critical-rce.html\">Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup &#038; Replication<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/veeam-patches-critical-rce.html\">https:\/\/thehackernews.com\/2026\/01\/veeam-patches-critical-rce.html<\/a><\/p>\n<p>Publish Date: 2026-01-07 05:41:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Jan 07, 2026 | Ravie Lakshmanan | Vulnerability \/ Enterprise Security<br \/>\nVeeam has released security updates to address multiple flaws in its Backup &#038; Replication software, including a &#8220;critical&#8221; issue that could result in remote code execution (RCE).<br \/>\nThe vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.<br \/>\n&#8220;This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter,&#8221; it said in a Tuesday bulletin.<br \/>\nAccording to Veeam&#8217;s documentation, a user with a Backup 
Operator role can start and stop existing jobs; export backups; copy backups; and create VeeamZip backups. A Tape Operator user, on the other hand, can run tape backup jobs or tape catalog jobs; eject tapes; import and export tapes; move tapes to a media pool; copy or erase tapes; and set a tape password.<br \/>\nIn other words, these roles are considered highly privileged, and organizations should already have adequate protections in place to prevent them from being misused.<\/p>\n<p>Veeam said it&#8217;s treating the shortcoming as &#8220;high severity&#8221; despite the CVSS score, stating the opportunity for exploitation is reduced if customers follow Veeam&#8217;s recommended Security Guidelines.<br \/>\nAlso addressed by the company are three other vulnerabilities in the same product &#8211;<\/p>\n<ul>\n<li>CVE-2025-55125 (CVSS score: 7.2) &#8211; A vulnerability that allows a Backup or Tape Operator to perform RCE as root by creating a malicious backup configuration file<\/li>\n<li>CVE-2025-59468 (CVSS score: 6.7) &#8211; A vulnerability that allows a Backup Administrator to perform RCE as the postgres user by sending a malicious password parameter<\/li>\n<li>CVE-2025-59469 (CVSS score: 7.2) &#8211; A vulnerability that allows a Backup or Tape Operator to write files as root<\/li>\n<\/ul>\n<p>All four identified vulnerabilities affect Veeam Backup &#038; Replication 13.0.1.180 and all earlier version 13 builds. 
They have been addressed in Backup &#038; Replication version 13.0.1.1071.<br \/>\nWhile Veeam makes no mention of the flaws being exploited in the wild, it&#8217;s essential that users promptly apply the fixes, given that vulnerabilities in the software have been exploited by threat actors in the past.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup &#038; Replication https:\/\/thehackernews.com\/2026\/01\/veeam-patches-critical-rce.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":175244,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgYNBaEaqMpnYMFHKFEedrGcP4HSZ_2-sa5EjqnE0U1Hh_9-d2iu_UtCTxHavvjHYZq54fIa9Q3lyaXdHSH25-vn5kLz97muKX6Y8k8U4PG4Wer42axNEzxMsOeRq_1x4SUKvZCRQ4fBAmx7zWu2z2IkE5RTD8oW69YnKwn_K8AtXuC1eK2juaOVxg5QqeV\/s790-rw-e365\/veeam.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-175243","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/175243"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=175243"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/175243\/revisions"}],"predecessor-version":[{"id":175245,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp
-json\/wp\/v2\/posts\/175243\/revisions\/175245"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/175244"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=175243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=175243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=175243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}