CVE-2025-59470
Published: 08 January 2026
Summary
CVE-2025-59470 is a critical-severity Command Injection (CWE-77) vulnerability in Veeam Veeam Backup \& Replication. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Applying Veeam patches from KB4792 directly remediates the command injection flaw enabling RCE via malicious interval or order parameters.
Validating interval and order parameters against organization-defined rules prevents command injection payloads from executing arbitrary commands as the postgres user.
Enforcing least privilege on Backup Operator accounts restricts access to vulnerable parameter inputs, limiting exploitation opportunities and RCE impact.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability enables remote code execution on Veeam components involving PostgreSQL over the network by a high-privileged Backup Operator, directly facilitating Exploitation of Remote Services (T1210).
NVD Description
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Deeper analysisAI
CVE-2025-59470 is a command injection vulnerability (CWE-77) that allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. It affects Veeam software components involving postgres, with a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L), highlighting its critical severity due to network-based exploitation, low complexity, required high privileges, no user interaction, scope change, high confidentiality and integrity impacts, and low availability impact. The vulnerability was published on 2026-01-08.
A Backup Operator, possessing high privileges (PR:H), can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no need for user interaction (UI:N). Successful exploitation enables remote code execution as the postgres user, granting the attacker the ability to execute arbitrary commands in that context, potentially compromising database integrity and confidentiality.
Veeam has published knowledge base article KB4792 at https://www.veeam.com/kb4792, which details mitigation strategies and available patches for addressing CVE-2025-59470.
Details
- CWE(s)