New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates addressing multiple vulnerabilities in Backup & Replication—most notably CVE-2025-59470 (an RCE affecting v13.0.1.180 and earlier)—and recommends patching and role hardening; although Veeam downgraded the rating to high because exploitation requires Backup or Tape Operator privileges, the product’s widespread use and history of ransomware actors targeting VBR servers make timely remediation critical.