Cyber Resilience

CVE-2025-59469

Critical

Published: 08 January 2026

Published
08 January 2026
Modified
14 January 2026
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
EPSS Score 0.0061 44.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-59469 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Veeam Veeam Backup \& Replication. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 44.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-59469 is a vulnerability that allows a Backup or Tape Operator to write files as root. It affects Veeam software, as detailed in the vendor's knowledge base article. The issue is classified under CWE-200 and carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L). The CVE was published on 2026-01-08T17:15:48.183.

The vulnerability can be exploited by an authenticated attacker possessing Backup or Tape Operator privileges. Exploitation requires network access and is low in complexity with no user interaction needed. Successful attacks enable file writes as root, resulting in high confidentiality and integrity impacts, low availability impact, and a change in scope.

Veeam has published mitigation guidance in KB4792, which security practitioners should consult for patching instructions and workarounds.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

This vulnerability allows a Backup or Tape Operator to write files as root.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability directly enables privilege escalation from operator role to root via file write abuse.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55125Same product: Veeam Veeam Backup \& Replication
CVE-2025-48983Same product: Veeam Veeam Backup \& Replication
CVE-2025-48984Same product: Veeam Veeam Backup \& Replication
CVE-2026-21669Same product: Veeam Veeam Backup \& Replication
CVE-2026-21708Same product: Veeam Veeam Backup \& Replication
CVE-2026-21667Same product: Veeam Veeam Backup \& Replication
CVE-2026-21671Same product: Veeam Veeam Backup \& Replication
CVE-2025-59468Same product: Veeam Veeam Backup \& Replication
CVE-2026-21670Same product: Veeam Veeam Backup \& Replication
CVE-2025-23120Same product: Veeam Veeam Backup \& Replication

Affected Assets

veeam
veeam backup \& replication
13.0.0.4967 — 13.0.1.1071

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Employs least privilege to ensure Backup or Tape Operator roles cannot perform root-level file writes, directly preventing exploitation.

prevent

Enforces approved access authorizations, blocking the improper root file write capability granted to Backup or Tape Operators.

prevent

Identifies and patches the specific flaw in Veeam software enabling root writes by Backup or Tape Operators per vendor guidance.

References