cbcvebase.
CVE-2025-55125
published 2026-01-08

CVE-2025-55125: This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

Priority: P264, critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (52.0th percentile)

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| veeam | backup_and_recovery | 13.0.0 – 13.0.0 | |
| veeam | veeam_backup_replication | >= 13.0.0.4967 < 13.0.1.1071 | 13.0.1.1071 |

Detection & IOCs

  • CVE-2025-55125 is exploitable by users holding the Backup Operator or Tape Operator roles in Veeam Backup & Replication; monitor for privilege abuse by these roles, particularly file-creation activity involving backup configuration files.
  • Veeam Backup & Replication versions prior to 13.0.1.1071 (all version 13 builds up to and including 13.0.1.180) are vulnerable; alert on or block execution of VBR builds older than 13.0.1.1071.