Veeam Critical Vulnerability - 20260109002¶
Overview¶
Veeam has published updates addressing a critical vulnerability that allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Veeam Backup & Replication | 13.x prior to 13.0.1.1071 | CVE-2025-59470 | 9.0 | Critical |
Please Note: Vendor mention of previous versions of Veeam Backup & Replication (i.e., 12.x and older) are not impacted by these vulnerabilities.
What has been observed?¶
The WASOC has not received any reports of exploitation of this vulnerability on Western Australia Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):
- Veeam: https://www.veeam.com/kb4792