PT-2026-1644 · Veeam · Veeam Backup & Replication
Published
2026-01-07
·
Updated
2026-03-01
·
CVE-2025-59470
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L |
Veeam Backup & Replication and Affected Versions
Veeam Backup & Replication versions 13.0.1.180 and earlier
Description
A critical remote code execution (RCE) vulnerability exists in Veeam Backup & Replication. Tracked as CVE-2025-59470 with a CVSS v3.1 base score of 9.0, it allows an authenticated user holding the Backup Operator or Tape Operator role to execute arbitrary code as the postgres user; the RCE is triggered by sending crafted interval or order parameters. The vector reflects this: exploitation requires high privileges (PR:H), but the resulting code execution under a separate system account is scored with changed scope (S:C). Additional RCE flaws and a root-level file write issue were reported alongside this vulnerability. Threat actors are actively exploiting it, with ransomware deployment and data theft as the likely outcomes. Approximately 550,000 users, including many Fortune 500 firms, are potentially exposed. The issue is particularly concerning because Veeam backup servers are high-value targets for ransomware operators.
Recommendations
Upgrade to Veeam Backup & Replication version 13.0.1.1071 or later. Until the upgrade is applied, review which accounts hold the Backup Operator and Tape Operator roles, since exploitation requires those privileges, and monitor the backup server for unexpected processes spawned by the postgres user.
Fix
RCE
LPE
Command Injection
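Deciding whether a given build is covered by this advisory means comparing four-part build numbers, and the fixed build (13.0.1.1071) sorts before the last affected build (13.0.1.180) if the strings are compared as text. The following script is an added example, not code from this page or from Veeam; the advisory boundaries are the ones stated above, the host inventory is constructed for illustration, and the "upgrade-recommended" bucket is this example's own name for builds that fall between the advisory's affected ceiling and its fix version.

```python
from typing import Dict, List, Tuple

# Boundaries taken from this advisory.
AFFECTED_MAX = "13.0.1.180"   # "13.0.1.180 and earlier" are affected
FIXED_MIN = "13.0.1.1071"     # recommended upgrade target

# Constructed sample inventory (hostname -> reported build); not real hosts.
SAMPLE_INVENTORY = {
    "vbr-prod-01": "13.0.1.180",
    "vbr-prod-02": "13.0.1.1071",
    "vbr-dr-01": "12.3.1.100",
    "vbr-lab-01": "13.0.1.500",
    "vbr-legacy": "n/a",
}


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '13.0.1.1071' into (13, 0, 1, 1071) so components compare numerically."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)


def naive_is_fixed(version: str) -> bool:
    """The wrong way: plain string comparison. Kept only to show the pitfall."""
    return version >= FIXED_MIN


def triage(version: str) -> str:
    """Classify one build against the advisory: affected, fixed, or in between."""
    v = parse_version(version)
    if v >= parse_version(FIXED_MIN):
        return "fixed"
    if v <= parse_version(AFFECTED_MAX):
        return "affected"
    # Above the advisory's affected ceiling but below the fix: the advisory does
    # not state these builds' status, so the safe call is still to upgrade.
    return "upgrade-recommended"


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket every host; builds that cannot be parsed are reported, not dropped."""
    buckets: Dict[str, List[str]] = {
        "affected": [], "upgrade-recommended": [], "fixed": [], "unparseable": []
    }
    for host, ver in sorted(inventory.items()):
        try:
            buckets[triage(ver)].append(host)
        except ValueError:
            buckets["unparseable"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket:>20}: {', '.join(hosts) or '-'}")
    # Demonstrate the string-comparison pitfall on the last affected build.
    print("naive check calls 13.0.1.180 fixed:", naive_is_fixed(AFFECTED_MAX))
```

Note that the naive check reports the last affected build as fixed, because "13.0.1.180" sorts after "13.0.1.1071" as text; any inventory script that compares Veeam build strings this way will under-report exposure.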
Affected Products
Veeam Backup & Replication