Remote Code Execution Vulnerability in Veeam Backup & Replication by Veeam
CVE-2025-59468

9CRITICAL

Key Information:

Vendor: Veeam
Status: Backup And Recovery
Vendor: CVE Published:; 8 January 2026

What is CVE-2025-59468?

This vulnerability enables a Backup Administrator to execute remote code with the privileges of the postgres user by manipulating a password parameter in the Veeam Backup & Replication software. Malicious actors can exploit this flaw to gain unauthorized access and control over the system, posing significant security risks to data integrity and privacy.

Affected Version(s)

Backup and Recovery 13.0.0

References

https://www.veeam.com/kb4792

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 8, 2026
Vulnerability Reserved
Sep 16, 2025

JSON