CVE-2025-59469

Critical

Published: 08 January 2026

Published

08 January 2026

Modified

14 January 2026

KEV Added

—

Patch

—

CVSS Score 9.0 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

EPSS Score 0.0003 7.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59469 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Veeam Veeam Backup \& Replication. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Employs least privilege to ensure Backup or Tape Operator roles cannot perform root-level file writes, directly preventing exploitation.

AC-3 Access Enforcement good match

prevent

Enforces approved access authorizations, blocking the improper root file write capability granted to Backup or Tape Operators.

SI-2 Flaw Remediation good match

prevent

Identifies and patches the specific flaw in Veeam software enabling root writes by Backup or Tape Operators per vendor guidance.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Vulnerability directly enables privilege escalation from operator role to root via file write abuse.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

This vulnerability allows a Backup or Tape Operator to write files as root.

Deeper analysisAI

CVE-2025-59469 is a vulnerability that allows a Backup or Tape Operator to write files as root. It affects Veeam software, as detailed in the vendor's knowledge base article. The issue is classified under CWE-200 and carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L). The CVE was published on 2026-01-08T17:15:48.183.

The vulnerability can be exploited by an authenticated attacker possessing Backup or Tape Operator privileges. Exploitation requires network access and is low in complexity with no user interaction needed. Successful attacks enable file writes as root, resulting in high confidentiality and integrity impacts, low availability impact, and a change in scope.

Veeam has published mitigation guidance in KB4792, which security practitioners should consult for patching instructions and workarounds.

Details

CWE(s): CWE-200

Affected Products

veeam

veeam backup \& replication

13.0.0.4967 — 13.0.1.1071

CVEs Like This One

CVE-2025-55125Same product: Veeam Veeam Backup \& Replication

CVE-2026-21667Same product: Veeam Veeam Backup \& Replication

CVE-2026-21669Same product: Veeam Veeam Backup \& Replication

CVE-2025-48983Same product: Veeam Veeam Backup \& Replication

CVE-2025-48984Same product: Veeam Veeam Backup \& Replication

CVE-2025-59468Same product: Veeam Veeam Backup \& Replication

CVE-2025-59470Same product: Veeam Veeam Backup \& Replication

CVE-2026-21668Same product: Veeam Veeam Backup \& Replication

CVE-2026-21671Same product: Veeam Veeam Backup \& Replication

CVE-2025-23120Same product: Veeam Veeam Backup \& Replication

References

https://www.veeam.com/kb4792
Vendor Advisory · support@hackerone.com