Veeam issues patch to close critical remote code execution flaw

Veeam issued an update for Backup & Replication v13 to fix CVE-2025-59470, a remote code execution vulnerability that could allow users assigned the Backup Operator or Tape Operator roles to execute commands as the product's 'postgres' database user; Veeam lists the CVSS score as 9.0 but treats the issue as high severity because it requires those privileged roles and there are no reports of active exploitation. See Veeam KB: https://www.veeam.com/kb4792