[VULNERABILITY ALERT] Veeam Backup & Replication Backup Software Contains a Critical Security Vulnerability (CVE-2025-59470)

POSTING DATE: 2026/01/14

Subject: [VULNERABILITY ALERT] Veeam Backup & Replication Backup Software Contains a Critical Security Vulnerability (CVE-2025-59470)

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000004
- Veeam Backup & Replication is the core backup software of Veeam. Recently, Veeam released a critical security vulnerability announcement. This vulnerability (CVE-2025-59470, CVSS: 9.0) allows a Backup or Tape Operator to send malicious interval or order parameters to execute remote code execution (RCE) as the postgres user.
Affected Platforms:
- Veeam Backup & Replication version 13.0.1.180 (inclusive) and earlier version 13 releases
Recommended Actions:
- Update Veeam Backup & Replication to version 13.0.1.1071 (inclusive) or later
Reference Material:
1. https://www.twcert.org.tw/tw/cp-169-10618-1b9d3-1.html

Computer and Communication Center
Network Systems Division, Respectfully