Multiple security vulnerabilities threaten Veeam Backup & Replication

An important security update closes multiple vulnerabilities in Veeam Backup & Replication. No attacks are known so far.


Attackers can exploit various security vulnerabilities in Veeam Backup & Replication and, in the worst case, execute malicious code to compromise instances. In one case, this is even possible with root privileges.

In a warning message, the developers list a total of four vulnerabilities that have now been closed. Among them are two root vulnerabilities (CVE-2025-55125 “high,” CVE-2025-59469 “high”) through which attackers can remotely execute malicious code as root via a backup or tape operator account. In the second case, attackers can write files as the root user. In both cases, it can be assumed that systems are subsequently compromised.

Furthermore, the developers have closed a “critical” vulnerability (CVE-2025-59470). Malicious code can also reach systems through this. According to the developers, all versions of Veeam Backup & Replication up to and including 13.0.1.180 are affected by the vulnerabilities. They state that the security problems have been resolved from version 13.0.1.1071 onwards.


Currently, there are no indications that attackers are targeting the backup solution through the mentioned vulnerabilities. However, this can change quickly. Therefore, admins should not postpone patching for too long. How attacks could proceed in detail and how already-attacked instances can be recognized is currently unclear.

Most recently, the developers released security updates for Veeam Backup & Replication in October of last year. In that case, the developers closed two critical malicious code vulnerabilities. There was also a patch for the Veeam Agent for Windows. There, attackers can gain higher user privileges after successful attacks.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.