—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Veeam Backup & Replication 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.

Overview

Multiple vulnerabilities have been reported in Veeam Backup & Replication , which could be exploited by an authenticated domain user to execute arbitrary code on the targeted system.

Target Audience:

Enterprises and Large Organizations, cloud service providers using Veeam products.

Impact Assessment:

Potential for remote code execution.

Description

Veeam Backup & Replication is a data protection solution that provides backup, recovery, and replication capabilities.

Multiple vulnerabilities exist in Veeam Backup & Replication product, allowing any user who is part of the local users group or any domain user to exploit the flaw.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

Solution

Apply appropriate software updates as mentioned in Veeam security advisories:

https://www.veeam.com/kb4724

Vendor Information

 

https://www.veeam.com/kb4792

References

 

https://www.veeam.com/kb4792

CVE Name

CVE-2025-55125

CVE-2025-59468

CVE-2025-59469

CVE-2025-59470

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmllCaUACgkQ3jCgcSdc

ys8VBg/+OvSpbTOz634uHZBDSBpzo5PqbTz9PxdeJnMZS17h06WwdmUiXldtlJ+7

b+fcUIAyE3FoJXHSEv7wZig9tMn3lZBL8CHDyAjVBt4KErsSBunNu9KRRC4jsvjn

bSx+Dk+rouYw6ZG3S7BX1xE4k+Pw6TAtNAyrok1d+C4nrpijBMzQ7TiZsi3r2zXN

hiV2IpCMmV2ZfSAn7fyo9aA+ngD9q5B/IEc/UvD9NzXU54tBSsgAYwb1ggCaODQk

FRkJi6QNX8mlRA+vpr22RwI+Sg97MLeOhb+kBJphBNCMaVxZP9QVjeNjhW4hroqp

5mYT6d8aJqf9uwCcnIjO7YVGhoWPeJa/7hmycb6+qJS54P9DjiqifpRshyz2K2v9

THVZdbkrVoHIBih/p+gPLJ6xwkB8YxitR4+R7ZJpZ91Ky5Go5hXWjOaDCZJibCtV

/wbfLeyet/ts8lcUIGgqtXq9T1AtH6wA3duz0DdEwZdTrBW2pCKJJHlIVx69iMk4

pzeB1MRzTWSe2JAW5dcnD3/UvSrTPVqjxEtnvf3zUQ3Eny1QV8IB1xwriOpclzzg

iAZootLynGqWXWSpwQHda8aGNYZGDkgg36CgegbiVP9Edc0yijG98zTtm4QNQdnv

Iu8rnf+BwsKopNpkdK+UQOt+Yn5XCw/hYpBDKMBCHgxZNrdlzJU=

=nUJt

—–END PGP SIGNATURE—–