Veeam Strengthens Security with Updates Addressing Multiple Vulnerabilities

By Tina Reynolds

Veeam Software recently released important security updates to help protect against multiple vulnerabilities in its Backup & Replication software. It’s drawn ire from the entire cybersecurity community for shortcomings found in the new version, 13.0.1.180. Anyone using earlier builds of the 13 series is experiencing these issues.

The vulnerabilities being discussed are CVE-2025-55125, CVE-2025-59468 and CVE-2025-59469. In fact, so far they’ve each received extremely high CVSS scores of 7.2, 6.7, and 7.2 respectively. Taken alone, each vulnerability presents an immense threat as it enables unauthenticated remote code execution (RCE) in multiple scenarios.

Details of the Vulnerabilities

CVE-2025-55125 has a CVSS score of 7.2, a high score. It enables a Backup or Tape Operator to perform remote code execution (RCE) as the root user by crafting a backup configuration file. Likewise, CVE-2025-59468 lets an attacker with the Backup Administrator role achieve RCE as the postgres user by sending a specially crafted password parameter. The last vulnerability, CVE-2025-59469, which has a CVSS score of 7.2, follows the same pattern, with a Backup or Tape Operator being able to create files as root.

CVSS scores map to severity ratings of low, medium, or high. Veeam still casts these vulnerabilities as “high severity,” placing stress on their possible damage, even if they’re not currently being exploited in the wild. The need for speed when it comes to these patches is understandable. As seen in past incidents, threat actors have been able to take advantage of known vulnerabilities in Veeam’s software.

Recommendations for Users

Given these exploitable weaknesses, Veeam strongly recommends that customers follow the guidance in its Security Guidelines. These guidelines are designed to be a first line of defense in reducing the chance of falling prey to nefarious actors. Veeam has not announced any ongoing exploitation of these vulnerabilities. That in no way diminishes the critical importance of continuing robust security practices.

“It is crucial for users to follow Veeam’s recommended Security Guidelines to reduce the opportunity for exploitation.” – Veeam documentation

Veeam’s recent releases include key updates to help increase security. To their credit, they have fixed three other vulnerabilities in the same product. This speaks to their commitment to keeping users’ data safe.