
Critical RCE Flaw in Veeam Backup & Replication: CVE-2025-59470 with CVSS 9.0
Veeam has resolved a critical remote code execution (RCE) vulnerability in its Backup & Replication product, identified as CVE-2025-59470 with a CVSS score of 9.0. The vulnerability enables users with the Backup Operator or Tape Operator roles to execute code remotely as the postgres user. Veeam Backup & Replication is a widely deployed solution for data backup and recovery, and the CVSS score of 9.0 reflects the severity and potential impact on affected systems.

The update also addresses other security issues in the product, although specific details about these additional vulnerabilities are not provided in the available information. The available information also does not indicate whether these vulnerabilities are being actively exploited, or the exact release date of the patches.

Organizations using Veeam Backup & Replication should apply the latest updates to mitigate the risks associated with these vulnerabilities. From a cybersecurity perspective, this vulnerability underscores the importance of timely patch management and the principle of least privilege. Because the flaw is reachable from the Backup Operator and Tape Operator roles, organizations should ensure that users have only the minimum permissions necessary to perform their tasks and that systems are updated with the latest security patches.