CVE-2025-55125
Published 2026-01-08
CVE-2025-55125: This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Priority: P264 | critical | 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (52.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_recovery | 13.0.0 – 13.0.0 | — |
| veeam | veeam_backup_replication | >= 13.0.0.4967 < 13.0.1.1071 | 13.0.1.1071 |
Detection & IOCs (extracted from sources)
- CVE-2025-55125 is exploitable by users holding the Backup Operator or Tape Operator roles in Veeam Backup & Replication; monitor for privilege abuse by these roles, particularly file-creation activity involving backup configuration files.
- Veeam Backup & Replication versions prior to 13.0.1.1071 (all version 13 builds up to and including 13.0.1.180) are vulnerable; alert on or block execution of VBR builds older than 13.0.1.1071.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
New Veeam vulnerabilities expose backup servers to RCE attacks
blogs_bleepingcomputer·2026-01-07·CVSS 7.8
CVE-2025-59470 [HIGH]
## New Veeam vulnerabilities expose backup servers to RCE attacks
By Sergiu Gatlan
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability.
Tracked as CVE-2025-59470, this RCE security flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.
"This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter," Veeam explained in a Tuesday advisory.
However, the information technology company adjusted its rating to high severity because it can only be exploited by attackers with the Backup or Tape Operator roles.
"The Backup and Tape Operator roles are c
Wiz
CVE-2025-55125 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-55125 [HIGH]
## CVE-2025-55125: Veeam Backup & Replication vulnerability analysis and mitigation
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Source: NVD
- Score: 9.8
- Published: January 8, 2026
- Severity: CRITICAL
- CNA Score: 7.8
- Affected Technologies: Veeam Backup & Replication
- Has Public Exploit: No
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 25
- Exploitation Probability (EPSS): 0.1
Affected packages and libraries
cpe:2.3:a:veeam:veeam_backup_\&_replication
Sources
- Windows | Severity: CRITICAL | Has Fix | Added at: Jan 11, 2026
- Windows | Severity: CRITICAL | Has Fix | Added at: Jan 13, 2026
Published: 2026-01-08