- Last update: 02/01/2026
- Affected software:
→ Veeam Backup & Replication
- Type: Remote code execution, privilege escalation
- CVE/CVSS
→ CVE-2025-55125: CVSS 7.2
→ CVE-2025-59468: CVSS 6.7
→ CVE-2025-59469: CVSS 7.2
→ CVE-2025-59470: CVSS 9.0
On 6 January 2026, Veeam issued an advisory concerning four vulnerabilities in Veeam Backup & Replication. Three of the vulnerabilities can be exploited for remote code execution, one for privilege escalation.
Veeam Backup & Replication is a data backup and recovery software that is widely used across the world. The technology is popular among mid-sized to large organisations. Threat actors, especially ransomware groups, are known to have targeted this technology in the past.
There is no indication of active exploitation (cut-off date: 08 January 2026). The three remote code execution vulnerabilities mentioned in this advisory can only be exploited by attackers with the Backup or Tape Operator roles. However, it is likely that threat actors will attempt to weaponise these vulnerabilities quickly given the historical interest in using this technology for lateral movement.
CVE-2025-55125 is a flaw in Veeam Backup & Replication with a CVSS score of 7.2. This vulnerability allows an attacker with a Backup or Tape Operator role to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
CVE-2025-59468 is a vulnerability in Veeam Backup & Replication with a CVSS score of 6.7. Successful exploitation of this vulnerability enables an attacker with a Backup Administrator role to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.
CVE-2025-59469 is a privilege escalation flaw in Veeam Backup & Replication with a CVSS score of 7.2. A threat actor with a Backup or Tape Operator role could exploit this vulnerability to write files as root.
CVE-2025-59470 is a vulnerability in Veeam Backup & Replication with a CVSS score of 9.0. Successful exploitation of this vulnerability could allow a threat actor with a Backup or Tape Operator role to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Please note that Veeam considers the Backup and Tape Operator roles to be highly privileged roles that should be adequately secured with strong protections. Veeam recommends using its Security Guidelines (https://helpcenter.veeam.com/docs/vbr/userguide/security_guidelines.html?ver=13) to better protect such roles.
Monitor/Detect
The CCB recommends that organisations upscale their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
https://helpcenter.veeam.com/docs/vbr/userguide/security_guidelines.html?ver=13