- 1/2026
- Critical
Veeam has released a security update to fix multiple vulnerabilities across Veeam Backup & Replication 13.0.1.180 and all earlier versions of 13 builds.
The addressed vulnerabilities could allow the remote attacker to gain elevated privileges, manipulate files, execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Veeam Backup & Replication Remote Code Execution Vulnerability (CVE-2025-59470):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Veeam Backup & Replication Privileged Arbitrary File Write Vulnerability (CVE-2025-59469):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: File Manipulation
Vulnerabilities
- CVE-2025-55125
- CVE-2025-59468
- CVE-2025-59469
- CVE-2025-59470
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.