Backup And Recovery
Approved changes feed: RSS · Atom
cpe:2.3:a:veeam:backup_and_recovery:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Veeam (203dc226-d9ed-503f-8231-d4e4e702036f) |
|---|---|
| Product | Backup And Recovery (4fc53fb6-fd3a-57f2-a3e5-a90e4fa11761) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-59470 |
vulnerable | 2026-06-03 15:06:25.179114 |
Details available
CRITICAL (9)
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Published: 2026-01-08T16:18:20.275Z
Updated: 2026-02-26T15:04:54.450Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59469 |
vulnerable | 2026-06-03 15:06:25.178764 |
Details available
CRITICAL (9)
This vulnerability allows a Backup or Tape Operator to write files as root.
Published: 2026-01-08T16:18:20.314Z
Updated: 2026-02-26T15:04:54.295Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59468 |
vulnerable | 2026-06-03 15:06:25.177426 |
Details available
CRITICAL (9)
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Published: 2026-01-08T16:18:20.416Z
Updated: 2026-02-26T15:04:54.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55125 |
vulnerable | 2026-06-03 15:04:57.685360 |
Details available
HIGH (7.8)
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Published: 2026-01-08T16:18:20.398Z
Updated: 2026-01-08T17:33:26.470Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24286 |
vulnerable | 2026-06-03 14:59:55.225001 |
Details available
HIGH (7.2)
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
Published: 2025-06-18T23:30:51.882Z
Updated: 2025-06-23T16:05:15.947Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-23121 |
vulnerable | 2026-06-03 14:59:41.970428 |
Details available
CRITICAL (9.9)
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
Published: 2025-06-18T23:30:48.375Z
Updated: 2025-06-23T16:05:49.555Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-23120 |
vulnerable | 2026-06-03 14:59:41.968810 |
Details available
CRITICAL (9.9)
A vulnerability allowing remote code execution (RCE) for domain users.
Published: 2025-03-20T15:11:39.456Z
Updated: 2025-03-20T16:13:01.660Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-40714 |
vulnerable | 2026-06-03 14:56:33.394953 |
Details available
HIGH (8.3)
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
Published: 2024-09-07T16:11:22.237Z
Updated: 2024-09-09T14:03:17.836Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-40713 |
vulnerable | 2026-06-03 14:56:33.394627 |
Details available
HIGH (7.8)
A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
Published: 2024-09-07T16:11:22.216Z
Updated: 2024-09-09T14:22:01.961Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-40712 |
vulnerable | 2026-06-03 14:56:33.394267 |
Details available
HIGH (7.8)
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
Published: 2024-09-07T16:11:22.203Z
Updated: 2024-09-09T15:18:23.506Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-40710 |
vulnerable | 2026-06-03 14:56:33.390289 |
Details available
HIGH (8.8)
A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
Published: 2024-09-07T16:11:22.182Z
Updated: 2024-09-09T16:28:11.865Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-40709 |
vulnerable | 2026-06-03 14:56:33.388148 |
Details available
HIGH (7.8)
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
Published: 2024-09-07T16:11:22.216Z
Updated: 2024-12-04T15:01:02.058Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39718 |
vulnerable | 2026-06-03 14:56:22.283801 |
Details available
HIGH (8.1)
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
Published: 2024-09-07T16:11:22.180Z
Updated: 2024-11-01T19:18:00.417Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.